smokeloader | cb703ad4579e744a3771e39b08134fff77c5cd172e8b0e11be941b7ccb2199f2

Analysis

max time kernel
300s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
03-08-2023 07:01

Target

cb703ad4579e744a3771e39b08134fff77c5cd172e8b0e11be941b7ccb2199f2.exe
Size

288KB
MD5

93975a8b4e591ef7b093c0918b3529a4
SHA1

1ee111b47e541435b139f728ec4626f544c257eb
SHA256

cb703ad4579e744a3771e39b08134fff77c5cd172e8b0e11be941b7ccb2199f2
SHA512

3728a80724acf0bd3e4f767abf8d4c6dc9386fc932381a74678c640b62f3bd71f864f7c4d0aa77dd203aa5badbf1a1a4f0fb8990a343200c052e9262ba7e193a
SSDEEP

3072:wN9NiWI5ZubuTLBJ0j+uyTcMuvwew0ulOGZ+BchFA0XKk+1HqVEWj:sz+5ZubKLBJ0jsTFuPw0eOqUCFAP1H

Score

10^/10

Family

smokeloader

Botnet

0020

Family

smokeloader

Version

2022

https://nebraska-pizza.com/search.php

https://alaska-ships.com/search.php

rc4.i32

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader

Deletes itself 1 IoCs

pid	Process
1280	Process not Found

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2224	cb703ad4579e744a3771e39b08134fff77c5cd172e8b0e11be941b7ccb2199f2.exe
2224	cb703ad4579e744a3771e39b08134fff77c5cd172e8b0e11be941b7ccb2199f2.exe
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found
1280	Process not Found

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1280	Process not Found

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2224	cb703ad4579e744a3771e39b08134fff77c5cd172e8b0e11be941b7ccb2199f2.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1280	Process not Found

memory/1280-57-0x0000000002970000-0x0000000002986000-memory.dmp

Filesize
88KB

Download
memory/1280-63-0x000007FEF5A20000-0x000007FEF5B63000-memory.dmp

Filesize
1.3MB

Download
memory/1280-64-0x000007FEA8D60000-0x000007FEA8D6A000-memory.dmp

Filesize
40KB

Download
memory/1280-68-0x000007FEF5A20000-0x000007FEF5B63000-memory.dmp

Filesize
1.3MB

Download
memory/1280-69-0x000007FEA8D60000-0x000007FEA8D6A000-memory.dmp

Filesize
40KB

Download
memory/2224-54-0x00000000003C0000-0x00000000003D5000-memory.dmp

Filesize
84KB

Download
memory/2224-55-0x00000000001B0000-0x00000000001B9000-memory.dmp

Filesize
36KB

Download
memory/2224-56-0x0000000000400000-0x0000000002437000-memory.dmp

Filesize
32.2MB

Download
memory/2224-58-0x0000000000400000-0x0000000002437000-memory.dmp

Filesize
32.2MB

Download
memory/2224-61-0x00000000001B0000-0x00000000001B9000-memory.dmp

Filesize
36KB

Download
memory/2224-62-0x00000000003C0000-0x00000000003D5000-memory.dmp

Filesize
84KB

Download