Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/02/2023, 18:31
Static task: static1
Behavioral task: behavioral1
Sample: 1691f24256a1336b1d215333edf505af6e8096f2e3e36a7bb5e1d21d8770d383.exe
Resource: win10v2004-20221111-en
General
Target: 1691f24256a1336b1d215333edf505af6e8096f2e3e36a7bb5e1d21d8770d383.exe
Size: 193KB
MD5: 2215ba7aca6058bd53f13925c6e9dee5
SHA1: 2b13cae7e64a3f653cc4de746359e89e487a42e7
SHA256: 1691f24256a1336b1d215333edf505af6e8096f2e3e36a7bb5e1d21d8770d383
SHA512: e05cd0737749a1ade4a0f4816bf6c38848d20de7637ae5e119197c14fb6dea42101fc81411a701cb186f169165fb3d69dbba996a614c51bc86393bd31d49ad52
SSDEEP: 3072:lIu6L8ghVM5VxZiLipLCOnkGP6DoSLGXdsID6U0fgfF:ULjhVIxZiLipOO5RXh2fg
Malware Config
Signatures
- Detects Smokeloader packer (1 IoC)
  resource: behavioral1/memory/4332-133-0x0000000000800000-0x0000000000809000-memory.dmp
  yara_rule: family_smokeloader
- SmokeLoader
  Modular backdoor trojan in use since 2014.
- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI (process: 1691f24256a1336b1d215333edf505af6e8096f2e3e36a7bb5e1d21d8770d383.exe)
  Key queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI (process: 1691f24256a1336b1d215333edf505af6e8096f2e3e36a7bb5e1d21d8770d383.exe)
  Key enumerated: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI (process: 1691f24256a1336b1d215333edf505af6e8096f2e3e36a7bb5e1d21d8770d383.exe)
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 4332, process 1691f24256a1336b1d215333edf505af6e8096f2e3e36a7bb5e1d21d8770d383.exe (2 entries)
  pid 2584, Process not Found (all remaining entries)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 2584, Process not Found
- Suspicious behavior: MapViewOfSection (1 IoC)
  pid 4332, process 1691f24256a1336b1d215333edf505af6e8096f2e3e36a7bb5e1d21d8770d383.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\1691f24256a1336b1d215333edf505af6e8096f2e3e36a7bb5e1d21d8770d383.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1691f24256a1336b1d215333edf505af6e8096f2e3e36a7bb5e1d21d8770d383.exe"
  PID: 4332
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection