Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
481s -
max time network
446s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
13/07/2023, 23:57
General
-
Target
pub2.exe
-
Size
285KB
-
MD5
f9d940ab072678a0226ea5e6bd98ebfa
-
SHA1
853c784c330cbf88ab4f5f21d23fa259027c2079
-
SHA256
0be77f05a9c4d30f2ec4f5636179f0e2f85e3f5441f5854a0872de4f63aceffd
-
SHA512
6766488893d9975ce44e1cdba427f0e65adba47dec26f6d16708be4efeb7f431da9a76647e8ec2ecd00bfb8d5d7e37c5a168b9de3cca45cc8c9b144bc650a1ef
-
SSDEEP
3072:WldDqIdHGqbHQec51/b3RAM7RANA9S20kewWKuD/ZXt4huVesqC89XPolIcvbm5:AdGU7HQv1/bBAYdSjZ9ousI+Yh
Malware Config
Extracted
smokeloader
pub2
Extracted
smokeloader
2020
http://govsurplusstore.com/upload/
http://best-forsale.com/upload/
http://chmxnautoparts.com/upload/
http://kwazone.com/upload/
Signatures
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 36 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\pub2.exe"C:\Users\Admin\AppData\Local\Temp\pub2.exe"1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\Users\Admin\AppData\Roaming\euijwadC:\Users\Admin\AppData\Roaming\euijwad1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious behavior: MapViewOfSection
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
285KB
MD5f9d940ab072678a0226ea5e6bd98ebfa
SHA1853c784c330cbf88ab4f5f21d23fa259027c2079
SHA2560be77f05a9c4d30f2ec4f5636179f0e2f85e3f5441f5854a0872de4f63aceffd
SHA5126766488893d9975ce44e1cdba427f0e65adba47dec26f6d16708be4efeb7f431da9a76647e8ec2ecd00bfb8d5d7e37c5a168b9de3cca45cc8c9b144bc650a1ef
-
Filesize
285KB
MD5f9d940ab072678a0226ea5e6bd98ebfa
SHA1853c784c330cbf88ab4f5f21d23fa259027c2079
SHA2560be77f05a9c4d30f2ec4f5636179f0e2f85e3f5441f5854a0872de4f63aceffd
SHA5126766488893d9975ce44e1cdba427f0e65adba47dec26f6d16708be4efeb7f431da9a76647e8ec2ecd00bfb8d5d7e37c5a168b9de3cca45cc8c9b144bc650a1ef
-
Filesize
1024KB
-
Filesize
39.6MB
-
Filesize
39.6MB
-
Filesize
1024KB
-
Filesize
36KB
-
Filesize
39.6MB
-
Filesize
39.6MB
-
Filesize
36KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB