d88271eb4440a41f65cad7e1d6c8b6b5f5d627d2bba8783b7ca76890467e9947

Analysis

max time kernel
102s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 17:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SmokeySpoofer-main/SmokeySpoofer/Main.Designer.cs
Size

9KB
MD5

cdda0de68cbca7e15aafb55663feed89
SHA1

b3670e2a592a5015ac309746edbb38b5fc7d7cac
SHA256

6aae9e6bc18e4fa19cabfe8f4048106bedad68558732c5428181fb37e5927194
SHA512

d38785aaeec7381fc4fcda21841c5777dd86967d474f40e2f15b9219d4306da643b8ed9243b2082a25245907d3de8adb47fb1ae31bc66f050abb02b7a03f0ac2
SSDEEP

192:OwlZpSiV9vnmV45m3U2V9PEBJ9MV9UdpwJyZV41bEs/V4ADEY1JV4zLEENTV4G8E:OwDESJmV45m3U2V9PEB7MV9UdGsZV41G

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2684	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2684	AcroRd32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2684	AcroRd32.exe
2684	AcroRd32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2684	2260	cmd.exe	31
PID 2260 wrote to memory of 2684	2260	cmd.exe	31
PID 2260 wrote to memory of 2684	2260	cmd.exe	31
PID 2260 wrote to memory of 2684	2260	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\SmokeySpoofer-main\SmokeySpoofer\Main.Designer.cs
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\SmokeySpoofer-main\SmokeySpoofer\Main.Designer.cs"
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
25cc8fe7383b5cf90799efa8e0a3af8e

SHA1
c24f88bf2a989b57a3d6e9554bc9b85073dcc2b5

SHA256
95fb6881c4bd8675953eb055f3ac000b2ff8181a8a87c8937bc5910cbeb983f2

SHA512
11c96f7d0e215f46f925da650865bc5644163f3d4fa88b25848c42e960ab2aa988135cd39ce4a71ccf579096a9aa9e7e3e1a6817f285a96b4ad4133e9980876d

Download Submit