Analysis

max time kernel: 150s
max time network: 34s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 14/02/2023, 17:31

Static task: static1

Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en
6 signatures, 150 seconds

Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220812-en
Tags: djvu, laplas, rhadamanthys, smokeloader, vidar, 19, backdoor, clipper, discovery, persistence, ransomware, spyware, stealer, trojan, vmprotect
41 signatures, 150 seconds
General

Target: file.exe
Size: 192KB
MD5: 421d7b773828d31b34f9e31d6c89aad7
SHA1: dc470438bd47832894dec67bd9dcf9e55ec94ad5
SHA256: e91b1a8de5c7ecf9e59e1555b93e48f9f2cde60809386f490cb646b3f15fada9
SHA512: ad7b7df6f85076a9dc308e59f5deda557f7323ae44118b40452fdfdd61d9be0e35e953b689dd64a7fa5cdaa200c29b088a33e7bef8ea17b3b5c747166cd3043a
SSDEEP: 3072:SRhLow1h45V+2OEM4WSqTCjsQcLfA8fxeM/2ga:ALBhk+2O9H7qIgM+
Score: 10/10
Malware Config
Signatures

Detects Smokeloader packer (1 IoC)
resource                                                                   yara_rule
behavioral1/memory/1732-56-0x00000000001B0000-0x00000000001B9000-memory.dmp  family_smokeloader

SmokeLoader
Modular backdoor trojan in use since 2014.

Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
description     ioc                                                  Process
Key opened      \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI     file.exe
Key queried     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI     file.exe
Key enumerated  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI     file.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid   Process
1732  file.exe
1732  file.exe
1248  Process not Found (remaining 62 entries, all identical)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid   Process
1248  Process not Found

Suspicious behavior: MapViewOfSection (1 IoC)
pid   Process
1732  file.exe