Overview

overview

10

Static

static

1

79fe08c83e...4a.exe

windows7-x64

10

79fe08c83e...4a.exe

windows10-2004-x64

10

Resubmissions

21-02-2024 21:44

240221-1lqdrafg5w 10

21-02-2024 18:39

240221-xanh8sdd21 10

15-02-2023 18:24

230215-w18fnada5x 10

15-02-2023 17:35

230215-v6c19scg9t 10

10-02-2023 13:30

230210-qr8geaah9x 10

10-02-2023 13:25

230210-qn1x6abc29 10

10-02-2023 13:11

230210-qe8awaag29 10

29-01-2023 06:15

230129-gzxv7sbe38 10

29-01-2023 06:02

230129-grzptsbb44 10

Analysis

  • max time kernel
    20s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    15-02-2023 17:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79fe08c83e8f2f3679c3dfdcff6698b92489fa915ccfb3c3458827861034814a.exe

  • Size

    298KB

  • MD5

    11511ba5fd4de1fc5051d0bcefb388ae

  • SHA1

    5e9476f39df92e01d0952e703869e71f85d470cd

  • SHA256

    79fe08c83e8f2f3679c3dfdcff6698b92489fa915ccfb3c3458827861034814a

  • SHA512

    904f0e3a252cd0ef8108492de955ac520008b10b66da736cc4bbdc6a8c3736440a9a11edb73707ba415d7f3f4c2c590dfa983aca01864b9d66a6c3559ed744e9

  • SSDEEP

    3072:0pb2LIT54Ga9Qzgp4gaCJrSjgBoMZmYKxQCBnIyCSyxzID1C7hZW0KIsiuNZ:xLIKGa96dfkBoMsDlqSwzIDM/KPP

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79fe08c83e8f2f3679c3dfdcff6698b92489fa915ccfb3c3458827861034814a.exe
    "C:\Users\Admin\AppData\Local\Temp\79fe08c83e8f2f3679c3dfdcff6698b92489fa915ccfb3c3458827861034814a.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2032

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2032-54-0x00000000767B1000-0x00000000767B3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2032-56-0x0000000000230000-0x0000000000239000-memory.dmp
    Filesize

    36KB

    Download
  • memory/2032-55-0x00000000005EB000-0x0000000000601000-memory.dmp
    Filesize

    88KB

    Download
  • memory/2032-57-0x0000000000400000-0x0000000000467000-memory.dmp
    Filesize

    412KB

    Download
  • memory/2032-58-0x0000000000400000-0x0000000000467000-memory.dmp
    Filesize

    412KB

    Download