Managed XDR

smartshreder.exe — malware analysis report

File info

Filename
smartshreder.exe
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
1.7 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
e15b61864cd0d83556ca992d238ed0a676eb50ab
SHA256
15bab32a83485f4ded8ce14982ea2405cca842c3d1124275d1780945c104003e
MD5
81b6732e3c7c7518cc4da67d4877503f

Signatures

Persistence

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup

Privilege Escalation

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_vb: The executable file is packed using VB
T1497 antidbg_strings: Checks for malware analysis tools (specific strings found)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1480 system_default_lang_id_present: Checks the system language

Discovery

T1497 antidbg_strings: Checks for malware analysis tools (specific strings found)
T1497.003 antisandbox_sleep: The process attempted to slow down analysis
T1082 reads_csrss: Attempts to read csrss.exe memory

Other

yara_rules: Static rules
copies_self: Creates a copy of itself
creates_exe: Creates executable files in the file system
executes_dropped_exe: Executes dropped exe files
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity
break_limit_exceeded: Warning: function calls limit has been exceeded
origin_langid: Unconventional language of the executable file
pe_overlay: PE file contains overlay