707fe4d40b1eab9258f31f5e48a3a7e3db65620005f374cf5d44d65d3868ebbd

Analysis

max time kernel
110s
max time network
112s
platform
windows10_x64
resource
win10v20210410
submitted
21-04-2021 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

salnet-setup6.2.exe
Size

375KB
MD5

deb2a2836aa656bc4c7eeec24427d402
SHA1

ca8f86f1a0fd6ccb31b408948dbe08ebf4207ae2
SHA256

707fe4d40b1eab9258f31f5e48a3a7e3db65620005f374cf5d44d65d3868ebbd
SHA512

5f15529af100977a6a7bbcc60164cd809716907356ce20a0d6fecdbe942ea4a71506c61832dba94faf13ef0c7eef06e0c407d44249891082d228e69cb2dc015d

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

salnet-setup6.2.exe

description	pid	process	target process
PID 2208 wrote to memory of 1844	2208	salnet-setup6.2.exe	mshta.exe
PID 2208 wrote to memory of 1844	2208	salnet-setup6.2.exe	mshta.exe
PID 2208 wrote to memory of 1844	2208	salnet-setup6.2.exe	mshta.exe

C:\Users\Admin\AppData\Local\Temp\salnet-setup6.2.exe
"C:\Users\Admin\AppData\Local\Temp\salnet-setup6.2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\system32\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\sal-sys\salnet_installation.hta"
2⤵
PID:1844

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\sal-sys\ECSI_head.jpg
MD5
57f0cf1582011944704d22e738ba8969

SHA1
f3f87ec5605331f04a96125462155893826571d8

SHA256
683801ae0e9da461a8c93b35ea23d6f262872a468002b42d48ffcfb1cbca9bd9

SHA512
a344a5c751e2175a6b5498b90cfc366469a6699552487e3a5cb459b15d504fe4302a60eb64107619caafd50d4f4852cdbc31f34c18215a8dee2f90c7e0a8a43f

Download Submit
C:\Users\Admin\AppData\Local\Temp\sal-sys\salnet_installation.hta
MD5
3e70fed594ee2289fc71f6613a0cfdde

SHA1
993edc94c90a43489bb11d1f412ebe42da84374b

SHA256
0a9e8bcdf62ec86bbfa174b50506c2658760a23d4b945a4be2a0a86493fc7e64

SHA512
c3a925782876c22fcbb2e7f974ab271141eeae3d31170762e50ef6223b46e88526f32b3efa7c8a1cebb4bc969d6a1a8a37a0f19ca3636c75ae2c9cf48ff4d70d

Download Submit
memory/1844-114-0x0000000000000000-mapping.dmp

Download