Overview

overview

10

Static

static

3

0068388548...96.exe

windows10-2004-x64

10

13243e4dd5...33.exe

windows10-2004-x64

10

202040bebe...98.exe

windows10-2004-x64

10

3a1c464610...ff.exe

windows10-2004-x64

10

556fc723a7...10.exe

windows10-2004-x64

7

5eb8ed45ba...01.exe

windows10-2004-x64

10

663bf6b48c...37.exe

windows10-2004-x64

7

67dbedea2e...69.exe

windows10-2004-x64

10

7e4d47aad3...11.exe

windows10-2004-x64

10

820ec15efb...db.exe

windows10-2004-x64

10

88a5b8b09a...44.exe

windows10-2004-x64

10

9c0f7f6495...f7.exe

windows10-2004-x64

10

bd0a957eae...c0.exe

windows7-x64

10

bd0a957eae...c0.exe

windows10-2004-x64

10

c8e229c276...39.exe

windows10-2004-x64

10

ca2534058c...e4.exe

windows10-2004-x64

10

d0c5f92763...68.exe

windows10-2004-x64

10

d3f2262a94...31.exe

windows10-2004-x64

10

d40527d1f8...ed.exe

windows10-2004-x64

10

de4076a039...c9.exe

windows10-2004-x64

10

f80bd79907...93.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 07:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd0a957eaebb4aaad5274b94282e2e629645d3cfc2d373f90812b885800536c0.exe

  • Size

    270KB

  • MD5

    fedcba531f97a219853ff2322af626d0

  • SHA1

    b141998a2cf8032e977f2ea8d7a5de8721422c5c

  • SHA256

    bd0a957eaebb4aaad5274b94282e2e629645d3cfc2d373f90812b885800536c0

  • SHA512

    f540b590cb1b2933c928262a57246f32bc9dc1538159870e9a31dbc61fe78ff3d95306c1cba96249ae0c43765981cd7fe41fa289382531a6ce6ca923665a3aff

  • SSDEEP

    6144:svpK3RlYo26KFCW8m3JqxAO1A591bVx7:sRK3zZ2tnEbA5

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd0a957eaebb4aaad5274b94282e2e629645d3cfc2d373f90812b885800536c0.exe
    "C:\Users\Admin\AppData\Local\Temp\bd0a957eaebb4aaad5274b94282e2e629645d3cfc2d373f90812b885800536c0.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3328
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • Checks SCSI registry key(s)
      PID:4312
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 408
      2⤵
      • Program crash
      PID:3488
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3328 -ip 3328
    1⤵
      PID:3456

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4312-0-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/4312-1-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download