smokeloader | d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce

Analysis

max time kernel
300s
max time network
246s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
05/08/2023, 04:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe
Size

305KB
MD5

c84ded775d454fc674c6385a58a8112d
SHA1

ce5e15cbeb241bcb62780824df8889e8d0386d35
SHA256

d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce
SHA512

70840e026b2f5add74dede5000b8c9eaca4e5092046c324329bac8c83819b5f4e29d7ecaea9fcac5e21f6d5178e89149cc4c16d3d3f058d7d68c98afa1222336
SSDEEP

3072:h1PbkQZ5uZhLib8HmWxo0kSDAZW5bFERbdTJkmGTj3YD5G:/bk5Msm+kScM5RmbdTemGv3Y

Score

10^/10

smokeloader up3 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

Signatures

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader

Deletes itself 1 IoCs

pid	Process
3264	Process not Found

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2540 set thread context of 4000	2540	d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe	71

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4000	d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe
4000	d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found
3264	Process not Found

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3264	Process not Found

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
4000	d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3264	Process not Found
Token: SeCreatePagefilePrivilege	3264	Process not Found
Token: SeShutdownPrivilege	3264	Process not Found
Token: SeCreatePagefilePrivilege	3264	Process not Found
Token: SeShutdownPrivilege	3264	Process not Found
Token: SeCreatePagefilePrivilege	3264	Process not Found
Token: SeShutdownPrivilege	3264	Process not Found
Token: SeCreatePagefilePrivilege	3264	Process not Found
Token: SeShutdownPrivilege	3264	Process not Found
Token: SeCreatePagefilePrivilege	3264	Process not Found
Token: SeShutdownPrivilege	3264	Process not Found
Token: SeCreatePagefilePrivilege	3264	Process not Found
Token: SeShutdownPrivilege	3264	Process not Found
Token: SeCreatePagefilePrivilege	3264	Process not Found
Token: SeShutdownPrivilege	3264	Process not Found
Token: SeCreatePagefilePrivilege	3264	Process not Found
Token: SeShutdownPrivilege	3264	Process not Found
Token: SeCreatePagefilePrivilege	3264	Process not Found
Token: SeShutdownPrivilege	3264	Process not Found
Token: SeCreatePagefilePrivilege	3264	Process not Found
Token: SeShutdownPrivilege	3264	Process not Found
Token: SeCreatePagefilePrivilege	3264	Process not Found

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 4000	2540	d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe	71
PID 2540 wrote to memory of 4000	2540	d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe	71
PID 2540 wrote to memory of 4000	2540	d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe	71
PID 2540 wrote to memory of 4000	2540	d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe	71
PID 2540 wrote to memory of 4000	2540	d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe	71
PID 2540 wrote to memory of 4000	2540	d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe	71

C:\Users\Admin\AppData\Local\Temp\d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe
"C:\Users\Admin\AppData\Local\Temp\d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Users\Admin\AppData\Local\Temp\d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe
  "C:\Users\Admin\AppData\Local\Temp\d8bdb32cb558ab6bfac8f7b3525475297e90779b55e437222ccd77ff15b8b8ce.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:4000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2540-121-0x0000000002440000-0x0000000002540000-memory.dmp

Filesize
1024KB

Download
memory/2540-122-0x0000000002360000-0x0000000002369000-memory.dmp

Filesize
36KB

Download
memory/3264-205-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-171-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-137-0x0000000000720000-0x0000000000730000-memory.dmp

Filesize
64KB

Download
memory/3264-139-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-142-0x00000000027D0000-0x00000000027E0000-memory.dmp

Filesize
64KB

Download
memory/3264-141-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-144-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-145-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-147-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-148-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-149-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-151-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-153-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-154-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-156-0x00000000027F0000-0x0000000002800000-memory.dmp

Filesize
64KB

Download
memory/3264-158-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-160-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-161-0x00000000027F0000-0x0000000002800000-memory.dmp

Filesize
64KB

Download
memory/3264-163-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-167-0x00000000027D0000-0x00000000027E0000-memory.dmp

Filesize
64KB

Download
memory/3264-169-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-206-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-165-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-166-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-172-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-210-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-176-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-177-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-178-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-179-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-180-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-181-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-182-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-183-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-184-0x0000000000720000-0x0000000000730000-memory.dmp

Filesize
64KB

Download
memory/3264-188-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-186-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-189-0x0000000000A10000-0x0000000000A20000-memory.dmp

Filesize
64KB

Download
memory/3264-185-0x0000000000720000-0x0000000000730000-memory.dmp

Filesize
64KB

Download
memory/3264-191-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-126-0x0000000000950000-0x0000000000966000-memory.dmp

Filesize
88KB

Download
memory/3264-193-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-195-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-197-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-194-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-198-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-201-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-199-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-202-0x0000000000A10000-0x0000000000A20000-memory.dmp

Filesize
64KB

Download
memory/3264-204-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-192-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-136-0x0000000000720000-0x0000000000730000-memory.dmp

Filesize
64KB

Download
memory/3264-174-0x00000000027F0000-0x0000000002800000-memory.dmp

Filesize
64KB

Download
memory/3264-212-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-208-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-214-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-216-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-217-0x0000000000A10000-0x0000000000A20000-memory.dmp

Filesize
64KB

Download
memory/3264-219-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-221-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-222-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-223-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-225-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-226-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-227-0x0000000000720000-0x0000000000730000-memory.dmp

Filesize
64KB

Download
memory/3264-229-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-231-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-228-0x0000000000720000-0x0000000000730000-memory.dmp

Filesize
64KB

Download
memory/3264-232-0x0000000000A00000-0x0000000000A10000-memory.dmp

Filesize
64KB

Download
memory/3264-234-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-235-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-236-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-240-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-238-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-237-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-242-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-243-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-244-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-246-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-247-0x00000000009B0000-0x00000000009C0000-memory.dmp

Filesize
64KB

Download
memory/3264-249-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-250-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-253-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-251-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-255-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-256-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-257-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-259-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-262-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-264-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-265-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-263-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-266-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-268-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-271-0x0000000000720000-0x0000000000730000-memory.dmp

Filesize
64KB

Download
memory/3264-273-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-278-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-280-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-283-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/3264-282-0x00000000027C0000-0x00000000027D0000-memory.dmp

Filesize
64KB

Download
memory/4000-123-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4000-124-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4000-125-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4000-127-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download