General
Target: 29e6736afd321358d41710277a27421bebcdbd1abbd12bf942007169982fd4e3
Size: 748KB
Sample: 240517-1gqtqacd44
MD5: ea794f68554409890249b0a3d3af52f7
SHA1: 386d920bea81fada037e6ae190cc436ca5e6e6ff
SHA256: 29e6736afd321358d41710277a27421bebcdbd1abbd12bf942007169982fd4e3
SHA512: 372df46640a62b98e741d400b46e78bbb388840d6f2a9180ccf9dfe1dee67c17fea663a86415457ea0661f203d01872b937db93cf0ee8100a5996e3a59cb9a5b
SSDEEP: 12288:TXAzF0sl/n/LAzyncbHr7bkHFRB7JPDA2A0b3bsh3E4a4uw2iDlgNG1VUph765:TXAzF0kAzgIrCRDx3b6ru4msepE5
Static task: static1
Behavioral task: behavioral1
  Sample: 29e6736afd321358d41710277a27421bebcdbd1abbd12bf942007169982fd4e3.exe
  Resource: win10v2004-20240508-en
Behavioral task: behavioral2
  Sample: 29e6736afd321358d41710277a27421bebcdbd1abbd12bf942007169982fd4e3.exe
  Resource: win11-20240508-en
Malware Config
Extracted: smokeloader
pub1
Targets
Target: 29e6736afd321358d41710277a27421bebcdbd1abbd12bf942007169982fd4e3
Size: 748KB
MD5: ea794f68554409890249b0a3d3af52f7
SHA1: 386d920bea81fada037e6ae190cc436ca5e6e6ff
SHA256: 29e6736afd321358d41710277a27421bebcdbd1abbd12bf942007169982fd4e3
SHA512: 372df46640a62b98e741d400b46e78bbb388840d6f2a9180ccf9dfe1dee67c17fea663a86415457ea0661f203d01872b937db93cf0ee8100a5996e3a59cb9a5b
SSDEEP: 12288:TXAzF0sl/n/LAzyncbHr7bkHFRB7JPDA2A0b3bsh3E4a4uw2iDlgNG1VUph765:TXAzF0kAzgIrCRDx3b6ru4msepE5
Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext