Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10Samples 6/...ca.exe
windows7-x64
7Samples 6/...ca.exe
windows10-2004-x64
7Samples 6/...4e.exe
windows7-x64
10Samples 6/...4e.exe
windows10-2004-x64
10Samples 6/...31.exe
windows7-x64
10Samples 6/...31.exe
windows10-2004-x64
10Samples 6/...4b.exe
windows7-x64
7Samples 6/...4b.exe
windows10-2004-x64
7Samples 6/...1a.exe
windows7-x64
10Samples 6/...1a.exe
windows10-2004-x64
10Samples 6/...18.exe
windows7-x64
1Samples 6/...18.exe
windows10-2004-x64
1Samples 7/...22.exe
windows7-x64
3Samples 7/...22.exe
windows10-2004-x64
3Samples 7/...41.exe
windows7-x64
10Samples 7/...41.exe
windows10-2004-x64
10Samples 7/...62.exe
windows7-x64
10Samples 7/...62.exe
windows10-2004-x64
10Samples 7/...c5.exe
windows7-x64
10Samples 7/...c5.exe
windows10-2004-x64
10Samples 7/...a6.exe
windows7-x64
10Samples 7/...a6.exe
windows10-2004-x64
10Samples 7/...64.exe
windows7-x64
10Samples 7/...64.exe
windows10-2004-x64
10Samples 7/...a5.exe
windows7-x64
10Samples 7/...a5.exe
windows10-2004-x64
10Samples 7/...0d.exe
windows7-x64
10Samples 7/...0d.exe
windows10-2004-x64
10Samples 7/...de.exe
windows7-x64
7Samples 7/...de.exe
windows10-2004-x64
7Samples 7/...de.exe
windows7-x64
10Samples 7/...de.exe
windows10-2004-x64
10Resubmissions
07/01/2024, 18:26
240107-w3ameabffn 10Analysis
-
max time kernel
102s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
07/01/2024, 18:26
Static task
static1
Behavioral task
behavioral1
Sample
Samples 6/c4ec2c4d73a45bba85debe9fe243708bb52afd29dc95d7fdefed02cd34c375ca.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
Samples 6/c4ec2c4d73a45bba85debe9fe243708bb52afd29dc95d7fdefed02cd34c375ca.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Samples 6/c6befd3879040aeca88afd9b461177c9a3fc830f2020f2878696ddca0cea994e.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
Samples 6/c6befd3879040aeca88afd9b461177c9a3fc830f2020f2878696ddca0cea994e.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Samples 6/c76d7f244175880387474af937c59ad2cbfec2f4bdfdefdf0a9d1def029faa31.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
Samples 6/c76d7f244175880387474af937c59ad2cbfec2f4bdfdefdf0a9d1def029faa31.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Samples 6/c808c7043bbe6f22fdae5e9ad031db55e2ec385489a53ad3096985e53292244b.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
Samples 6/c808c7043bbe6f22fdae5e9ad031db55e2ec385489a53ad3096985e53292244b.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Samples 6/ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral10
Sample
Samples 6/ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Samples 6/cd22c1aabcafc40bf81d42b42e625e49eff9e0f928fa961e43573e1eb45ace18.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
Samples 6/cd22c1aabcafc40bf81d42b42e625e49eff9e0f928fa961e43573e1eb45ace18.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Samples 7/d097ca2583425f648592138b57562334c0b83d3179634fd43a0b611bdf720122.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral14
Sample
Samples 7/d097ca2583425f648592138b57562334c0b83d3179634fd43a0b611bdf720122.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Samples 7/d0d97c70ea6e26b3708dc101a310f056d690bbc17306c493ccba4a6f00fad541.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
Samples 7/d0d97c70ea6e26b3708dc101a310f056d690bbc17306c493ccba4a6f00fad541.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Samples 7/d3d18f34a1494d87502f0ea05c56f6194e50610bc71f53653e15c98d25e57e62.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
Samples 7/d3d18f34a1494d87502f0ea05c56f6194e50610bc71f53653e15c98d25e57e62.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Samples 7/da52dc0f002d544115f1d64dbc1d7ec9569be150d59cfe0bfd3f6bb5aed54dc5.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
Samples 7/da52dc0f002d544115f1d64dbc1d7ec9569be150d59cfe0bfd3f6bb5aed54dc5.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Samples 7/dcf250dc8a9683cf5a3e7dfdb441b06e15b391a8c5d97b31431c650a715432a6.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
Samples 7/dcf250dc8a9683cf5a3e7dfdb441b06e15b391a8c5d97b31431c650a715432a6.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Samples 7/dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
Samples 7/dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Samples 7/dde59b015e0acd1910513cf1da07f3b17d6530816d663c102ed9ad6ab6d575a5.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral26
Sample
Samples 7/dde59b015e0acd1910513cf1da07f3b17d6530816d663c102ed9ad6ab6d575a5.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Samples 7/e396aa398fb1fa0f6c9db780211f758649e9a1f26bb5a2e7026b1cfec6ea9c0d.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral28
Sample
Samples 7/e396aa398fb1fa0f6c9db780211f758649e9a1f26bb5a2e7026b1cfec6ea9c0d.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Samples 7/e5474bdcb0a87bd6c1c74d6a2fd6cff6c8ff913248b84e22c1ef5e82cb6f5cde.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral30
Sample
Samples 7/e5474bdcb0a87bd6c1c74d6a2fd6cff6c8ff913248b84e22c1ef5e82cb6f5cde.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
Samples 6/ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe
-
Size
248KB
-
MD5
14c45fa75b1f8644c5fe37ca234a456b
-
SHA1
056713d15dfa8032597aac2e3f61e6a5794a53e8
-
SHA256
ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a
-
SHA512
b6f212cbb3255c2da4d1935507c5f83833bbeea3b6aca7c0632852db2018dc1a667756b8693a50793cc1ea75296fc13b60eea8c0b645a9e7c901a69a6adbbc21
-
SSDEEP
3072:A9orP+stnvfG4+zxvGz/QUVcRe/1nkJuTby/cT2cARxVC09++zu:SoCshG4qx1UVco/1aYySAR+
Malware Config
Extracted
smokeloader
pub4
Extracted
smokeloader
2022
http://dpav.cc/tmp/
http://lrproduct.ru/tmp/
http://kggcp.com/tmp/
http://talesofpirates.net/tmp/
http://pirateking.online/tmp/
http://piratia.pw/tmp/
http://go-piratia.ru/tmp/
Signatures
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Deletes itself 1 IoCs
pid Process 3520 Process not Found -
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4216 ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe 4216 ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found 3520 Process not Found -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 4216 ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Samples 6\ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe"C:\Users\Admin\AppData\Local\Temp\Samples 6\ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe"1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:4216