Analysis

  • max time kernel
    161s
  • max time network
    210s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/10/2022, 04:26

General

  • Target

    0ad6c0a9e6e9d363a1731a7b7c5449d99f90be94e074d9b542a0b2f1ff13f4ae.exe

  • Size

    196KB

  • MD5

    4172c0838887194d5507344221f81abc

  • SHA1

    79ba7c26f818f998a75acf0499dbde08d4f107cb

  • SHA256

    0ad6c0a9e6e9d363a1731a7b7c5449d99f90be94e074d9b542a0b2f1ff13f4ae

  • SHA512

    f6684e63a321d975486f6e70afa0bc90a2a44c16de5a6b8c8dfece336e6de6aa5a83219619ade2effc4b19b9a43286bb4981ce1150282045804bd7d2bdae7519

  • SSDEEP

    3072:3KEb1edk0bT5ni+lRd4ESGf4Fv5NR2OnCW8DCUck/CJcd+F9UK/r1F2aTwXZg0bc:3KEbZyNi+R0quc4ut+Qnbw9PvD

Score
10/10

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

  • Sality

    Sality is a backdoor written in C++, first discovered in 2003.

  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ad6c0a9e6e9d363a1731a7b7c5449d99f90be94e074d9b542a0b2f1ff13f4ae.exe
    "C:\Users\Admin\AppData\Local\Temp\0ad6c0a9e6e9d363a1731a7b7c5449d99f90be94e074d9b542a0b2f1ff13f4ae.exe"
    PID: 4112

    Downloads

    • memory/4112-132-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

    • memory/4112-134-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

    • memory/4112-133-0x0000000002210000-0x00000000032CA000-memory.dmp

      Filesize

      16.7MB