Analysis

  • max time kernel
    15s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    25-07-2024 03:14

General

  • Target

    620b027b554f7183e3aa04222ef16300N.exe

  • Size

    44KB

  • MD5

    620b027b554f7183e3aa04222ef16300

  • SHA1

    35eca3b92e9d9198986c848f7a5d1de265e35e85

  • SHA256

    a40d8eac4b4f218111ea60be92d5fddbd5fe54b2d0ac8a875bc69be87e0abfbf

  • SHA512

    9332080512cea526201843218fd3a83e2852bc996de989f9ebfa4ff4d55861d5ba1487b2a5a46d3b5c83c2982b83277f8e311acfa41d4dc07833834093d126e7

  • SSDEEP

    768:Z/8mWE+vc4Y6DhR8ZSDc28hO3c3VgDeoVZnE:2a+04Y6DhR8658533s

Malware Config

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\620b027b554f7183e3aa04222ef16300N.exe
    "C:\Users\Admin\AppData\Local\Temp\620b027b554f7183e3aa04222ef16300N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 36
      2⤵
      • Program crash
      PID:2064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2060-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB