Behavioral task
behavioral1
Sample
804-6-0x0000000000400000-0x0000000000409000-memory.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
804-6-0x0000000000400000-0x0000000000409000-memory.exe
Resource
win10v2004-20240419-en
General
-
Target
804-6-0x0000000000400000-0x0000000000409000-memory.dmp
-
Size
36KB
-
MD5
dfa5eb9f31696dba0c4bd0e124ccbfae
-
SHA1
780a49a4b56ecb7407e01032c0ca0155ac63255f
-
SHA256
dd4ff1b8b990b4cee33d9f2504e1167c27d352a1be0b8a9e80469176e34a6010
-
SHA512
4fc42f7d35f455efbfe01f165a838080705a5a2412edfd0aade27fcf7748be117865a1e530f830b7e2c224f50f66d82ba1e062afbe2fb757575f6d598b1ab562
-
SSDEEP
768:OkUqYDNTIoKpDd1KM02kQhx4hOtFceWzYqvz0bOS:zLiRLKtd1PBkQD4UtFceWnz
Malware Config
Extracted
smokeloader
pub1
Signatures
-
Smokeloader family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 804-6-0x0000000000400000-0x0000000000409000-memory.dmp
Files
-
804-6-0x0000000000400000-0x0000000000409000-memory.dmp.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE