Behavioral task
behavioral1
Sample
2528-0-0x0000000000400000-0x0000000000409000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2528-0-0x0000000000400000-0x0000000000409000-memory.exe
Resource
win10v2004-20240426-en
General
-
Target
2528-0-0x0000000000400000-0x0000000000409000-memory.dmp
-
Size
36KB
-
MD5
3443196a5191ca721033b5938ee9c1d8
-
SHA1
785e4f306a2b3feaf9128bd045c7920bad3e238b
-
SHA256
c31f86b009d59d11f23bb2b9e989062fb353bfb86e6a9d13a4898c4bc2249a70
-
SHA512
58f9a79c695ec6665a2d1742a8c58dcd42fdf0a7cc7b131a7ae81f54ec8cb83af4666bea2ad621c02d15beec6b96241f11446f9e8700b0fdb348f5602a5f91c5
-
SSDEEP
768:OAUoYtNFIoKpDd1KM02kQhx4hOtFceWzYqvz0bOS:H5EXLKtd1PBkQD4UtFceWnz
Malware Config
Extracted
smokeloader
pub1
Signatures
-
Smokeloader family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2528-0-0x0000000000400000-0x0000000000409000-memory.dmp
Files
-
2528-0-0x0000000000400000-0x0000000000409000-memory.dmp.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE