Overview

overview

10

Static

static

fd3573d494...fc.exe

windows7-x64

10

fd3573d494...fc.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    29s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2023 06:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fd3573d4946a124e1015e953e50635fc.exe

  • Size

    322KB

  • MD5

    fd3573d4946a124e1015e953e50635fc

  • SHA1

    bb65a9fc053df8ae09f7d38cdc162b69a1242e13

  • SHA256

    056a9f3c70ffbfa9acd8551c4a229d28a9bf86df1e9be33011a50e92def38807

  • SHA512

    006098c6e18d6b5f0c3302a813832bb13c430f49a5239b6dd3e9696ca1559c3ca1f285b65fea5d867fec7425f7ced16127798db07673612ee5696501b6f6b1c8

  • SSDEEP

    3072:DXOmr55oqxbF7TN/N5umJ+eK7Lc86ywGTrLnpVTmQPlZzkuWdjJrhtHXcTz5VbmC:7Jd5Tbp/um3kwArLptRPwTHHXcjmf/y

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fd3573d4946a124e1015e953e50635fc.exe
    "C:\Users\Admin\AppData\Local\Temp\fd3573d4946a124e1015e953e50635fc.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1204

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1204-54-0x0000000075C41000-0x0000000075C43000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1204-55-0x00000000004ED000-0x0000000000503000-memory.dmp
    Filesize

    88KB

    Download
  • memory/1204-56-0x00000000002A0000-0x00000000002A9000-memory.dmp
    Filesize

    36KB

    Download
  • memory/1204-57-0x0000000000400000-0x0000000000456000-memory.dmp
    Filesize

    344KB

    Download
  • memory/1204-58-0x0000000000400000-0x0000000000456000-memory.dmp
    Filesize

    344KB

    Download