Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

cfgtbvh.exe

windows7-x64

10

cfgtbvh.exe

windows10-2004-x64

10

Resubmissions

05/04/2023, 07:25 UTC

230405-h87mfaed2x 10

04/04/2023, 22:20 UTC

230404-183btscc4v 10

Analysis

  • max time kernel
    150s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    04/04/2023, 22:20 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cfgtbvh.exe

  • Size

    237KB

  • MD5

    51b3cddd75069bda9deb36fd539442e2

  • SHA1

    a5183c20f329a3ea3726ce2c8300b0f2654ab531

  • SHA256

    f0098ef0f31aa50b097bfb3ac7e420c518a697394a0ffed54640a55045263fa9

  • SHA512

    50e78682a53f0ef631e7faaf2892057b35e5895afee8d8520f2a3a49f99e239912bef67e8ebe70b099528b5a1753a06aad0675bc3dec64b9a2e7b605ced2d06c

  • SSDEEP

    6144:DL3v+mWnRzxvqRYwqgft1rSVsMAdaV/BaW:D7v+myRtqRYRgX20di/F

Score
10/10
smokeloaderpub4backdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/
rc4.i32
1
0x3b22e540
rc4.i32
1
0xa6b397e0

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cfgtbvh.exe
    "C:\Users\Admin\AppData\Local\Temp\cfgtbvh.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2044

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1248-56-0x0000000002910000-0x0000000002926000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2044-55-0x00000000001B0000-0x00000000001B9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2044-57-0x0000000000400000-0x00000000007EF000-memory.dmp

    Filesize

    3.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.