Overview

overview

10

Static

static

3

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-06-2023 10:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    223KB

  • MD5

    f06e5ece5b37477bf44cf7f35a21cd88

  • SHA1

    3d6a568da6d2e6e5f52fdde58586100dd96790e2

  • SHA256

    64c99e86f8722c5b825250b3302a2eafc652a09108a3213e124f173f10be2eeb

  • SHA512

    5f965b910e64c3ff613ae28211cd53df3d9496ab5d425dd5b593c8103d9688ab8fad4aa063a5f24f5eb3486eec3120c29764a532d6f2d7ba6d0f5b6665891ffa

  • SSDEEP

    3072:T40cYchfABTfjRvEDOZv+rO61HaLeKen5MQGcM:804o9TZm6SHaLVfD

Score
10/10
smokeloaderpub5backdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub5

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/
rc4.i32
rc4.i32

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3756

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3196-157-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-175-0x00000000028D0000-0x00000000028D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3196-135-0x0000000000A00000-0x0000000000A16000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3196-142-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-143-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-144-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-145-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-146-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-176-0x00000000028F0000-0x00000000028FB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3196-148-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-149-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-150-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-151-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-152-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-153-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-154-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-155-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-156-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-147-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-158-0x0000000007420000-0x0000000007422000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3196-164-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-160-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-161-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-162-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-163-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-159-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-165-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-166-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-167-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-168-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-169-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-170-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-171-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-172-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-173-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3196-174-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3756-136-0x0000000000400000-0x00000000004C5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/3756-134-0x0000000000660000-0x0000000000669000-memory.dmp

    Filesize

    36KB

    Download