Overview

overview

10

Static

static

3

NEAS.784ec...JC.exe

windows10-2004-x64

10

Resubmissions

17-08-2024 02:08

240817-ckskqavbql 10

26-10-2023 20:30

231026-zafjqsfg4y 10

26-10-2023 20:25

231026-y681gsff9t 10

Analysis

  • max time kernel
    105s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-08-2024 02:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.784ec92e56f6f4a9b381b10cf6e224f0_JC.exe

  • Size

    909KB

  • MD5

    784ec92e56f6f4a9b381b10cf6e224f0

  • SHA1

    5074f42280be8577a3abd342f1227542afeea4b1

  • SHA256

    1e97990063bf6d39c28a310a1d9b13c84421c99620935bb401c56164421247fd

  • SHA512

    00c2498c4090cca3c79ca6c01c8ba50d1ab13dae23f16d883062809e93568c70584f96d9d8c2132669a7ea414bdf302dfc29f740d3eab7836fad2c2c3fba8b07

  • SSDEEP

    12288:mH1N57Fa2dALbyZa5uHZ/LiaQZKmRuUDm2r+Wg5ukiS6Kd:IE2dALbyZa5uHZcQmRbVoDd

Score
10/10
smokeloaderbackdoordiscoverytrojan

Malware Config

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 62 IoCs
  • Suspicious use of SendNotifyMessage 62 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.784ec92e56f6f4a9b381b10cf6e224f0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.784ec92e56f6f4a9b381b10cf6e224f0_JC.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4752
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • Checks SCSI registry key(s)
      PID:4968
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Desktop\AssertDismount.vb
    Filesize

    261KB

    MD5

    f80f8abdb7feb2692b04a3db2c99cc28

    SHA1

    62e1c68d1f2096e4922ce5b691a03bf72c491b08

    SHA256

    2232ca3cb7231f30bffc17b3e40d01da0c4dcb0688da8149cdc61fc2169f7c6e

    SHA512

    ccfd292ec7626e59b02eae9f2d2ef3afd20e66e2641e0b97e05b31eb17f72376fd617d48dd91d07131d14de7b52c2f3b4eea0d7d415940382f2626daf209eb35

    Download Submit

  • C:\Users\Admin\Desktop\ConfirmWatch.vsdx
    Filesize

    278KB

    MD5

    9f2c270eb2f4334b1b124e9039d6a31f

    SHA1

    af62111e4da27e4cbf34f5c6f71b29af1c987835

    SHA256

    4694dbc716ec8d72d7e3c2a660323f68f79a5544c99b82dc5ed0191136667a0e

    SHA512

    f0054197e32986d7e491b5790f293466bce6a1f3916436cd77dd550e1f6eedabcc75d63ece0d93f65275e8a22070e1a0bd3a7b9b2477de27a958f93229986481

    Download Submit

  • C:\Users\Admin\Desktop\ConvertFind.xlsx
    Filesize

    10KB

    MD5

    77c35fb16dbe25418398f6d836f17b1b

    SHA1

    fcaf1095b344637b6f294a7e804f566fe57c831d

    SHA256

    cf0534a220d4f3a6c922edc4071de078872f1e7caf4889a5f07bcd104b85873a

    SHA512

    eeedb53e50cc4982593f70cefa91f85c3ef915ee4de970ea25cfc2dc36e2d0f7aac886e9552a10a793c743570e93d5878ef55f287eaf6828f5db88c249aa14f5

    Download Submit

  • C:\Users\Admin\Desktop\ConvertFromCheckpoint.ppsm
    Filesize

    311KB

    MD5

    e164f2f2bd9f15f6ed14a49f3f279230

    SHA1

    1f430fc7b33d04afb93d2ea062dc0c622272940a

    SHA256

    d2dfd73c40cb87375f3895b6e31ccc308defacd05188e635caad8a85e6df3f59

    SHA512

    941949087bde5e3e0766e5352da00739c012a06dc19b825100a8647f38e96b7550fa89551f19ffc469582fcce54229238a7d35db40245337d85d28cf8514e3ff

    Download Submit

  • C:\Users\Admin\Desktop\FindClose.gif
    Filesize

    362KB

    MD5

    8debb5b049cea80e26c36ee9b6d75bbc

    SHA1

    6ddf4c51766875c1686961603008c932755d0a06

    SHA256

    4d0cb58c3a325f9ac8895cdf6b1bbc2ec87dbb011e15f20748edefa1ffa2e3bc

    SHA512

    ccc95651813ce821fb279609534468bd387b4f1c1d3aa5eec9fc52a1cf86e5c14114a1e12d6eeb5f9a75a3420f085d1121f0dd98d13ee92b6a438281743c6568

    Download Submit

  • C:\Users\Admin\Desktop\JoinComplete.rtf
    Filesize

    294KB

    MD5

    6e61b5abb3b4dac8ca2ea2ba2299d034

    SHA1

    7b9589a6d96e7950e52c09e7e1366c68f2fb3fc3

    SHA256

    9e049ec34a13c28145e0da0e4672964acf04f5dfa30b424438c82daa150b4021

    SHA512

    4056073271a5838ba59ae8197cc878d3fb70b455e73226a12948aec13a972ca5013055fd4090a72f82be97edb78ca69449bfdf587ffd8258402d1c03c62dc5c6

    Download Submit

  • C:\Users\Admin\Desktop\LockPing.pdf
    Filesize

    429KB

    MD5

    f5e0d76b85df3eb1352dda262131cfa5

    SHA1

    a5cb57061b57895834eab0711c945a3ffc430225

    SHA256

    fe1239893bf0ea506ffa14597acb1f07b9d9d55d742d4120308b5a07d8fef9fa

    SHA512

    d10fe743f4390a7ca5779b1031559252ce5ddc0203159826f6439b6ead430d97b5bba19050ca3c0347d0764b1ca62677753abaadef9e88fe888f33a99b8a2f35

    Download Submit

  • C:\Users\Admin\Desktop\LockRestart.M2V
    Filesize

    547KB

    MD5

    35e5ca95bf53c3191e2638c956889701

    SHA1

    78121e88e25813047a63b6600d51d7742b446c4c

    SHA256

    d9f20a3fbe92d0d1052f6a6a1bf8038496032da781c6c6ddea4f5c46090b59ed

    SHA512

    29fc9c2e07337979312bbefd54e37f74aa84bec1aa819d40192efe168bef53128c0c0009515522df8f11a1cdb8deb783f4f8598986c7021cdb98e54ec8f0be62

    Download Submit

  • C:\Users\Admin\Desktop\MeasureMerge.au3
    Filesize

    328KB

    MD5

    1e6febd2ce2533d6fe1e0fdae5a3be56

    SHA1

    088e530121fd6190c50e09e9b0fb1648364a097a

    SHA256

    ae14e050713537e55a8419aeb120f9b373fdf119c2aadbb851f89f7881612957

    SHA512

    3942c376dd7188b7fbaa3f1199051829b76cd7779e5138e09cb806d19d54e41df0ab8aff7a0f8040e952d608df50095dc8876c25004f6a07855d9220f72b1996

    Download Submit

  • C:\Users\Admin\Desktop\OutSubmit.xlsm
    Filesize

    564KB

    MD5

    05165c714b3e0b8038a7c4f81e1bc7f5

    SHA1

    b7f760e0e69d6702a7fa627382b04bfee6378bb5

    SHA256

    600ce18c6e5e36c8456907ce81fa3d94560e308305e5db3466167f4653a799b2

    SHA512

    be4cd75bec6dcd1ab98ff4f7411a4dc3ade448bc69cf31742ff039b66c2e08543a0c9416fc90e18f7344a08265ac5cc05d3964428b694e05de29fc4936ffd23e

    Download Submit

  • C:\Users\Admin\Desktop\ProtectGroup.search-ms
    Filesize

    480KB

    MD5

    8a341cdd547373214f823e1110341bdd

    SHA1

    cd6c9811678579de2eecc3de0e2cf237561a91e7

    SHA256

    217f5d9e96ae50134a52b5bd7f393494e6dc4bfeb2a9f8b6a66bafa7fc74d2cf

    SHA512

    b09f2dec018201ca46d50b0858911a5c0d0265f1eb0018f0ab0e6dda6227d5b49de5d4f3afb289ed89ad63b92fa3926fef5f7472948912f4be1bc24b003bdf10

    Download Submit

  • C:\Users\Admin\Desktop\PublishResize.asf
    Filesize

    598KB

    MD5

    cc44b321b122d6d0aa6d01fe8c79f09b

    SHA1

    7db33d7363c389dfd377f21fb7deef77bf148ec7

    SHA256

    b31cf1125d12ad84b0ff73e9d1e6766830d9e333cb4773c30e5d0aa5d6411d3c

    SHA512

    9f3c98a6aa1b8175458e9b3d81227a531707fb5a454150054f611033013a774432f4d1e6fbdd9a3c11e8f456d3f1325e083fa91f8e789eeb334654c9aca93855

    Download Submit

  • C:\Users\Admin\Desktop\RemoveRedo.001
    Filesize

    648KB

    MD5

    d2adefd71ad926b80a72c95ee3066cdf

    SHA1

    b9e78ffb0e6f818d59a079b086b9451b21be4e7e

    SHA256

    cee511e6702caac9fb1579323e484367072ed0043ea5152beefb1af60424b997

    SHA512

    0ffcfac6aee56315ab88e01355ef53efcf0bf660a3ebc13086f646518acce2669e62800e378805f4ed102ea1b9d6fa5ef9416e9475f9ef0ee572cc03231eb006

    Download Submit

  • C:\Users\Admin\Desktop\RepairSuspend.pot
    Filesize

    244KB

    MD5

    82565817229845bddaf3400f5b1f1c6d

    SHA1

    c1eeaa07c35a7e54ac5783da1fbb49bd4dd89ce7

    SHA256

    4840a83d23e9e255332108eef96aaf2a724d34a9651fcf44fde24ee81690beee

    SHA512

    c9f7e8aab7df17e9c26c0ccd044c0255b459cf5c78ef64039f05ed96b68d0251da8be4f1af2629bd4a207cd7f35668a43b7fe75568fd3fa42c0a8eb06f2b0371

    Download Submit

  • C:\Users\Admin\Desktop\RequestCompress.wpl
    Filesize

    463KB

    MD5

    ff32501ecbc02dcca50351d5eb4b8213

    SHA1

    86c5d5c637b6883e98d9bcd1de0a8f723b24f8fd

    SHA256

    6450f8c9b3ebf1f83ec1054b9e231a6dd93b055a6f2265ce690d5328c3bc88f0

    SHA512

    1de82ea081ec84556d224a8ba626ffe2c375b2a7b65f9b29c5b1ca13f850307be1fadae49c5716051b8a41a75b781698c91d8d6ef4b8af8088fa9936a7054881

    Download Submit

  • C:\Users\Admin\Desktop\ResetTrace.txt
    Filesize

    530KB

    MD5

    fcebca965270c1d032abe3f608053b1a

    SHA1

    b3ebf843684c75d51dc7c8ce93bfa5a985c6d0f6

    SHA256

    043d56f2147e46c01a6b5d44fc884ddec79f01cac170eff8dfc6317cd38f5a16

    SHA512

    ace60dc1a85a39e2acb0a9a7a5d570c6508e73e13cded4b17d7a391626bbf113ec46531f0ae90c957680d40ff9f8fab1bd869887e557608476533c0a34e068ff

    Download Submit

  • C:\Users\Admin\Desktop\ResumeUnlock.xlsx
    Filesize

    9KB

    MD5

    bb4b672facb4b5e5f9f9c088b2921d23

    SHA1

    9dea63b609fdf3057f035991aaf5d235f8696b23

    SHA256

    52fa63ea425275b2463ca51d76add45a1a8fa40addec28f1e8160124f376f61d

    SHA512

    7eb1c64414b9adda813e2790c14921c3ffe147c0797f989b7093238e71e532da5b6b89e401b08fa14705c44ab2a319572555c51cd4e7242967cfa74e4ac3c75f

    Download Submit

  • C:\Users\Admin\Desktop\ResumeWrite.php
    Filesize

    497KB

    MD5

    476b8415fdcda5ae2216ee8be9254aed

    SHA1

    42933637c90c37f05f16a5ef7a916d90317244a3

    SHA256

    dfde9a4f55d3183fe2c83ba7894207f0c73c12aea6e203535c8ce93618ce7a22

    SHA512

    fd107a39e8ef1c4a3823fa7f00ec6618b39d57d6ff0963bc603beff3a7912e5693dc48f88523a7785233460abb11c82d0b35b80bd5268b893ab0c2f8df9728fc

    Download Submit

  • C:\Users\Admin\Desktop\SplitCheckpoint.ico
    Filesize

    581KB

    MD5

    c29ee3ebd4eb9b923a949173e3cec9c2

    SHA1

    04d25b2819345c36698e1a4758fe93b1a1888674

    SHA256

    8235a06e8e80f36373a862c4e2cbb07ce6c3c084e942f7c74f0138344f1f8471

    SHA512

    74bcd4dfb66f1151e7339394e89f0ca1897d0cc5e50216e82a637c1e8329da767e37f716e6876681c8464805d0d0c211b9f9d2891d209e76a9106ef9c96f7468

    Download Submit

  • C:\Users\Admin\Desktop\SplitMeasure.xlsx
    Filesize

    11KB

    MD5

    3d71b24a99824ff09af3d02772930a1e

    SHA1

    059caac096c1dc526ef5f0ddbc68d2f6ab6cca6d

    SHA256

    be16de012e4d6669b30d210ed1bfd637db9f767630877734443cbcf39e045220

    SHA512

    3728df1e2d2cbc476a4d8ce2a5ea5a4daaafb3cc30bc32df336a3f0aeb5b7e1dda7625e4c61e34b7b2751e8ed334d4a4ebbe76496d3994cb19d003a1ba74d309

    Download Submit

  • C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    Filesize

    2KB

    MD5

    bfa30a80ae3141122acac4a58483e8c6

    SHA1

    7043575369095f3d2abb9ab051a435626ac5609d

    SHA256

    e0c9dce10c726de96f2d25b7f2c41264e503965528ec6872d68d962b63ee3001

    SHA512

    8ac730e2c527415d30f05e89f8a02d8d32e90c79056ac8a361f474cc7f27586201f07c5ad92e2356b28a4958f0879a98ab71b3b443d323f746655b09eea3e5ab

    Download Submit

  • C:\Users\Public\Desktop\Firefox.lnk
    Filesize

    1000B

    MD5

    358436dcb8e0c0d528a82b2bc765924f

    SHA1

    7043bfbfd3aff1380961f58933081fdb1f036e60

    SHA256

    1a37ed9dc20fa399fa219a04afb595e8c02949d985bb3aae3fd7ab34b18667c5

    SHA512

    8e0dd18e4d3a099b4b6ce993d6bddf6850562bf51637edff58a25cc6816e2ec0849a86ecd437e30a614d54654abdd443993d2157d50dff17ac1e75b85efa4797

    Download Submit

  • C:\Users\Public\Desktop\Google Chrome.lnk
    Filesize

    2KB

    MD5

    28f39512b93b1c448f2e7e16215fd24f

    SHA1

    24550f71264ffaa0c8a10698d226acaee6bf1600

    SHA256

    79c478212828f49f1402ca28bd29a0b1ec54764d2f2eb30427988a49afa14735

    SHA512

    ab93c9b6f79a5fa9f48543930e3a2a7087e059d9c1497658af32947f676cc7abae6294e5012a66b9e7be21e778f54157b1cbc26c75dcc063ec99e50e289f41ee

    Download Submit

  • C:\Users\Public\Desktop\VLC media player.lnk
    Filesize

    923B

    MD5

    e8d87f20a337db80fdda21e6873d5cda

    SHA1

    a361d7a78a9f14a18ea78c539679be3ec22af35d

    SHA256

    29d080cdb6c51463f94d1d4792c940efed6637eaae63d50d478af20ead184925

    SHA512

    fd1a2b8e4b417aaa5259291cad94a21d2e6acce9febda8f625ca8be9a1adf59ceb02d7b0ce907c5b9f35e4614e2ea3547af04ba9f6c7d41f40d5464f6ce26750

    Download Submit

  • memory/4864-28-0x000002E43AEE0000-0x000002E43AEE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4864-27-0x000002E43AEE0000-0x000002E43AEE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4864-29-0x000002E43AEE0000-0x000002E43AEE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4864-39-0x000002E43AEE0000-0x000002E43AEE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4864-38-0x000002E43AEE0000-0x000002E43AEE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4864-37-0x000002E43AEE0000-0x000002E43AEE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4864-36-0x000002E43AEE0000-0x000002E43AEE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4864-35-0x000002E43AEE0000-0x000002E43AEE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4864-34-0x000002E43AEE0000-0x000002E43AEE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4864-33-0x000002E43AEE0000-0x000002E43AEE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4968-0-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4968-1-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4968-2-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download