Overview

overview

10

Static

static

1

b45d683efd...8a.exe

windows7-x64

10

b45d683efd...8a.exe

windows10-2004-x64

10

Resubmissions

19-02-2023 21:04

230219-zwxedaga7w 10

19-02-2023 18:51

230219-xhma5sfg4z 10

Analysis

  • max time kernel
    301s
  • max time network
    295s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-02-2023 21:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b45d683efd7ec95afd23317e2c0e9ca178b16c0d9f4f3c2363035dd10e24698a.exe

  • Size

    227KB

  • MD5

    8e9b5572a7470a015a4bd2b91fd78ab0

  • SHA1

    4e4d5406696a6d00bcf54633aba6f2f68c80ad72

  • SHA256

    b45d683efd7ec95afd23317e2c0e9ca178b16c0d9f4f3c2363035dd10e24698a

  • SHA512

    c7dc66b40a791dd83c3beb44adb010ba7238bc9fc04eeb0c3e172c905a4ef04530dc1447a08d5046b8afb19c4e1ede6aea928edea8f7cfd54dec8ce9b50197af

  • SSDEEP

    3072:sB/aYaPSLD1P/m0a0k0IiqCRfsB5xJ7zg6qeL+VqYsPAl/Mvcf1iBh2s:6LaPSLFm0lJqCRfgdgRjwnPpENiH2

Score
10/10
smokeloaderbackdoorspywaretrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of WriteProcessMemory 45 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b45d683efd7ec95afd23317e2c0e9ca178b16c0d9f4f3c2363035dd10e24698a.exe
    "C:\Users\Admin\AppData\Local\Temp\b45d683efd7ec95afd23317e2c0e9ca178b16c0d9f4f3c2363035dd10e24698a.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2732
  • C:\Users\Admin\AppData\Local\Temp\177F.exe
    C:\Users\Admin\AppData\Local\Temp\177F.exe
    1⤵
    • Executes dropped EXE
    PID:816
  • C:\Users\Admin\AppData\Local\Temp\1C43.exe
    C:\Users\Admin\AppData\Local\Temp\1C43.exe
    1⤵
    • Executes dropped EXE
    PID:552
  • C:\Users\Admin\AppData\Local\Temp\22BC.exe
    C:\Users\Admin\AppData\Local\Temp\22BC.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3544
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4436
  • C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    1⤵
      PID:4832
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      1⤵
        PID:4192
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        1⤵
          PID:644
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          1⤵
            PID:2492
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:2508
            • C:\Windows\SysWOW64\explorer.exe
              C:\Windows\SysWOW64\explorer.exe
              1⤵
                PID:4400
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:2984
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe
                  1⤵
                    PID:3604
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:2452

                    Network

                    MITRE ATT&CK Enterprise v6

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Temp\177F.exe
                      Filesize

                      4KB

                      MD5

                      9748489855d9dd82ab09da5e3e55b19e

                      SHA1

                      6ed2bf6a1a53a59cd2137812cb43b5032817f6a1

                      SHA256

                      05bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b

                      SHA512

                      7eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\177F.exe
                      Filesize

                      4KB

                      MD5

                      9748489855d9dd82ab09da5e3e55b19e

                      SHA1

                      6ed2bf6a1a53a59cd2137812cb43b5032817f6a1

                      SHA256

                      05bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b

                      SHA512

                      7eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\1C43.exe
                      Filesize

                      4KB

                      MD5

                      9748489855d9dd82ab09da5e3e55b19e

                      SHA1

                      6ed2bf6a1a53a59cd2137812cb43b5032817f6a1

                      SHA256

                      05bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b

                      SHA512

                      7eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\1C43.exe
                      Filesize

                      4KB

                      MD5

                      9748489855d9dd82ab09da5e3e55b19e

                      SHA1

                      6ed2bf6a1a53a59cd2137812cb43b5032817f6a1

                      SHA256

                      05bdd09d934144589f7b90ac4ef6e8d7743c35f551219d98bc7fc933f98a157b

                      SHA512

                      7eebbc3e42aad1af304ba38ca0c74e5f2293a630d98d4cfd48957f5f288bcb52cf323421c2b166e3b459450d5ef024167f8729b7b4b66651a34c3c3d4581a2be

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\22BC.exe
                      Filesize

                      341KB

                      MD5

                      c20d2ff0ab8d3d3e704267ba84209d18

                      SHA1

                      7a5e7f65b8b90c0206ff4bad6d00c9c12e991703

                      SHA256

                      1a9d1912f5180eaef3e81cb1d9d2abd61c7ff6b9c952c55a8390adc10a7c4777

                      SHA512

                      1dfc0f4c1ddf12deca8515044ec24161f0cd2e4dfdd5139ddd1ab390c51d3cb80f2b0c766fd353f0622fc090eb1a3de1f8727ac0ea713bf70b9ccd0c2d4b1724

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\22BC.exe
                      Filesize

                      341KB

                      MD5

                      c20d2ff0ab8d3d3e704267ba84209d18

                      SHA1

                      7a5e7f65b8b90c0206ff4bad6d00c9c12e991703

                      SHA256

                      1a9d1912f5180eaef3e81cb1d9d2abd61c7ff6b9c952c55a8390adc10a7c4777

                      SHA512

                      1dfc0f4c1ddf12deca8515044ec24161f0cd2e4dfdd5139ddd1ab390c51d3cb80f2b0c766fd353f0622fc090eb1a3de1f8727ac0ea713bf70b9ccd0c2d4b1724

                      Download Submit

                    • memory/552-144-0x00007FFF38040000-0x00007FFF38B01000-memory.dmp

                      Filesize

                      10.8MB

                      Download

                    • memory/644-165-0x0000000000F60000-0x0000000000F69000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/644-164-0x0000000000F70000-0x0000000000F75000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/644-195-0x0000000000F70000-0x0000000000F75000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/816-139-0x0000000000F10000-0x0000000000F18000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/816-140-0x00007FFF38040000-0x00007FFF38B01000-memory.dmp

                      Filesize

                      10.8MB

                      Download

                    • memory/2452-191-0x00000000001A0000-0x00000000001A8000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/2452-199-0x00000000001A0000-0x00000000001A8000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/2452-192-0x0000000000190000-0x000000000019B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/2492-169-0x0000000000390000-0x000000000039C000-memory.dmp

                      Filesize

                      48KB

                      Download

                    • memory/2492-168-0x00000000003A0000-0x00000000003A6000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/2508-196-0x0000000000190000-0x00000000001B2000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/2508-173-0x0000000000160000-0x0000000000187000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/2508-172-0x0000000000190000-0x00000000001B2000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/2732-132-0x000000000077C000-0x0000000000791000-memory.dmp

                      Filesize

                      84KB

                      Download

                    • memory/2732-135-0x0000000000400000-0x000000000061A000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/2732-134-0x0000000000400000-0x000000000061A000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/2732-133-0x0000000000730000-0x0000000000739000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/2984-184-0x0000000000550000-0x000000000055B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/2984-198-0x0000000000560000-0x0000000000566000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/2984-183-0x0000000000560000-0x0000000000566000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/3604-189-0x00000000010A0000-0x00000000010AD000-memory.dmp

                      Filesize

                      52KB

                      Download

                    • memory/3604-188-0x00000000010B0000-0x00000000010B7000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/4192-158-0x0000000000EC0000-0x0000000000EC9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4192-194-0x0000000000EC0000-0x0000000000EC9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4192-159-0x0000000000EB0000-0x0000000000EBF000-memory.dmp

                      Filesize

                      60KB

                      Download

                    • memory/4400-197-0x0000000000380000-0x0000000000385000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/4400-178-0x0000000000380000-0x0000000000385000-memory.dmp

                      Filesize

                      20KB

                      Download

                    • memory/4400-180-0x0000000000370000-0x0000000000379000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4436-187-0x00000000080E0000-0x000000000860C000-memory.dmp

                      Filesize

                      5.2MB

                      Download

                    • memory/4436-166-0x0000000005500000-0x000000000553C000-memory.dmp

                      Filesize

                      240KB

                      Download

                    • memory/4436-163-0x00000000055D0000-0x00000000056DA000-memory.dmp

                      Filesize

                      1.0MB

                      Download

                    • memory/4436-185-0x00000000079E0000-0x0000000007BA2000-memory.dmp

                      Filesize

                      1.8MB

                      Download

                    • memory/4436-181-0x00000000064E0000-0x00000000064FE000-memory.dmp

                      Filesize

                      120KB

                      Download

                    • memory/4436-175-0x0000000006A40000-0x0000000006FE4000-memory.dmp

                      Filesize

                      5.6MB

                      Download

                    • memory/4436-171-0x0000000005870000-0x00000000058D6000-memory.dmp

                      Filesize

                      408KB

                      Download

                    • memory/4436-160-0x0000000005A30000-0x0000000006048000-memory.dmp

                      Filesize

                      6.1MB

                      Download

                    • memory/4436-161-0x00000000054A0000-0x00000000054B2000-memory.dmp

                      Filesize

                      72KB

                      Download

                    • memory/4436-174-0x00000000063F0000-0x0000000006482000-memory.dmp

                      Filesize

                      584KB

                      Download

                    • memory/4436-177-0x0000000006490000-0x00000000064E0000-memory.dmp

                      Filesize

                      320KB

                      Download

                    • memory/4436-179-0x0000000006560000-0x00000000065D6000-memory.dmp

                      Filesize

                      472KB

                      Download

                    • memory/4436-150-0x0000000000400000-0x0000000000446000-memory.dmp

                      Filesize

                      280KB

                      Download

                    • memory/4832-193-0x0000000000F70000-0x0000000000F77000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/4832-156-0x0000000000F70000-0x0000000000F77000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/4832-157-0x0000000000F60000-0x0000000000F6B000-memory.dmp

                      Filesize

                      44KB

                      Download