Overview

overview

10

Static

static

10

972-38-0x0...ry.exe

windows7-x64

10

972-38-0x0...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    164s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-10-2023 00:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    972-38-0x0000000000400000-0x0000000000409000-memory.exe

  • Size

    36KB

  • MD5

    79248a1526c92987226d59945666469d

  • SHA1

    be0551cabd95bb8b81f9d579f04ad3fa197897ba

  • SHA256

    0429845c6009f684e88b5791ed62d698ab433284887491f0a68ea91d3b6223ef

  • SHA512

    4fb17315f1f00dbd62aba52ea0dc78088d01bd89bcb7862eabafe81a7f7fd615538f6029cf67d7397f6106346c2034451535e7c7960f8665d8875aef39b50ab0

  • SSDEEP

    384:K9VD6tee+O2UOTd2opQTR23aydz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMV:k6Qe+BUv837cqdvOXA6XkPslJvGaVW

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\972-38-0x0000000000400000-0x0000000000409000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\972-38-0x0000000000400000-0x0000000000409000-memory.exe"
    1⤵
      PID:5080
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 228
        2⤵
        • Program crash
        PID:4488
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5080 -ip 5080
      1⤵
        PID:4692

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/5080-0-0x0000000000400000-0x0000000000409000-memory.dmp

        Filesize

        36KB

        Download