Analysis

  • max time kernel
    291s
  • max time network
    268s
  • platform
    windows10-1703_x64
  • resource
    win10-20240319-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240319-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    21-03-2024 22:24

General

  • Target

    3a3ea9277d27b09f0519ab000067bf06cea7f64c566e153d37367288e3423616.exe

  • Size

    239KB

  • MD5

    02d76f13b740663d70b64eb6b2893ca1

  • SHA1

    3571450afa2cc258ef4583f3896ed5222185900b

  • SHA256

    3a3ea9277d27b09f0519ab000067bf06cea7f64c566e153d37367288e3423616

  • SHA512

    84b54360469d8e3c53f1b8a75679f15aada5e59e96a64eabf8424082feee352ea6b730f4036b2940f2ec28153dca2133e4e9e4404f1b7708c768569b1e074cb1

  • SSDEEP

    3072:uerZdBdazR6RKbafowJ2/dWgGXCUIWP5NCedNAhGYTBbykKBdpRSNa:uCZdBdazR7baQ//RGXChMNAhGgFKP

Malware Config

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a3ea9277d27b09f0519ab000067bf06cea7f64c566e153d37367288e3423616.exe
    "C:\Users\Admin\AppData\Local\Temp\3a3ea9277d27b09f0519ab000067bf06cea7f64c566e153d37367288e3423616.exe"
    1⤵
    • Checks SCSI registry key(s)
    PID:3712
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 492
      2⤵
      • Program crash
      PID:316

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3712-1-0x0000000000570000-0x0000000000670000-memory.dmp

    Filesize

    1024KB

  • memory/3712-2-0x0000000002060000-0x000000000206B000-memory.dmp

    Filesize

    44KB

  • memory/3712-3-0x0000000000400000-0x000000000047C000-memory.dmp

    Filesize

    496KB

  • memory/3712-6-0x0000000000570000-0x0000000000670000-memory.dmp

    Filesize

    1024KB