Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
19/08/2023, 05:57
Behavioral task
behavioral1
Sample
11c7e5c965be3cff7410e837561e7e82.exe
Resource
win7-20230712-en
windows7-x64
7 signatures
150 seconds
Behavioral task
behavioral2
Sample
11c7e5c965be3cff7410e837561e7e82.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
11c7e5c965be3cff7410e837561e7e82.exe
-
Size
39KB
-
MD5
11c7e5c965be3cff7410e837561e7e82
-
SHA1
1727060d2778926d351cc12de25adc273c334257
-
SHA256
a1e21180b104f0b1cc05fcebd9a9f32c9820f7704693822df06c91d8ef7aad95
-
SHA512
dc9c7a0b5c712d08d0e664db884b9f54da4daabdb404ebbc7c85184457f6979ef465ede81e5132a8c8f04c4711fc6d700e1201a93b94b0f4101fad9c020c1278
-
SSDEEP
384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW
Score
10/10
Malware Config
Extracted
Family
smokeloader
Version
2022
C2
http://77.91.68.29/fks/
rc4.i32
rc4.i32
Signatures
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Deletes itself 1 IoCs
pid Process 1256 Process not Found -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1328 11c7e5c965be3cff7410e837561e7e82.exe 1328 11c7e5c965be3cff7410e837561e7e82.exe 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found 1256 Process not Found -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1256 Process not Found -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 1328 11c7e5c965be3cff7410e837561e7e82.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 1256 Process not Found 1256 Process not Found -
Suspicious use of SendNotifyMessage 2 IoCs
pid Process 1256 Process not Found 1256 Process not Found