Analysis
-
max time kernel
151s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
23/04/2023, 01:31
General
-
Target
86363226fc4b59da604231bc51c1c0461680839bf33566f109d3272388ffcd88.exe
-
Size
228KB
-
MD5
f68a75373994ac14735b965b3d97162b
-
SHA1
c57535e961d95b572d8e6d6639a88c52c2855165
-
SHA256
86363226fc4b59da604231bc51c1c0461680839bf33566f109d3272388ffcd88
-
SHA512
7916e1a8ae7b0e3059a97d1cbdbfef146a5c7df778c0c3e4f3e999ca6098f6722eced52337336b94bdb6d183de3446e0210d84b885d68aa870e9cd15a45c08e3
-
SSDEEP
3072:OP1E92YqkZuiiJ6hA4FgBQnUVxSHdI4s6Lirt782vRJ5VCF4m/4xF:OqfuiiJ0FJUVmdNMrWCJ04m/M
Malware Config
Extracted
smokeloader
pu10
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Signatures
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of SetThreadContext 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\86363226fc4b59da604231bc51c1c0461680839bf33566f109d3272388ffcd88.exe"C:\Users\Admin\AppData\Local\Temp\86363226fc4b59da604231bc51c1c0461680839bf33566f109d3272388ffcd88.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\86363226fc4b59da604231bc51c1c0461680839bf33566f109d3272388ffcd88.exe"C:\Users\Admin\AppData\Local\Temp\86363226fc4b59da604231bc51c1c0461680839bf33566f109d3272388ffcd88.exe"2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
88KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
8KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
8KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
8KB
-
Filesize
40KB
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
36KB