Analysis

  • max time kernel
    73s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/11/2022, 16:00 UTC

General

  • Target

    d9432f096c58b8a0a36f27dfd0694df3cda62c1aee4fc791546d28bb531289ae.exe

  • Size

    238KB

  • MD5

    0df275014b644f383e9549efccb52770

  • SHA1

    258d48a71da29bd26cdc7af7c4b24f633041d6c6

  • SHA256

    d9432f096c58b8a0a36f27dfd0694df3cda62c1aee4fc791546d28bb531289ae

  • SHA512

    a56fb408cb775e35f38e1e6648d5be823efaf3375ac876979067d7b4492addea5db887c6fbc55494eee715e7ab12b65f71f08eca6aabcf97176c298164829074

  • SSDEEP

    3072:InnAQVG/LytaKItS/fiLKS+f5Aq7iOmO0htrNn5a938J/TWcx2Jijq+wPIEryvy:EOTeHI8HiL7+f5D8J5WAqIOZPnx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/
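
The extracted config above gives one C2 IP and six C2 domains. The following Python is an added example (not tria.ge's code and not part of the sample) that turns those URLs into host indicators and runs them over proxy log lines. The log lines and their "timestamp client method target status" layout are constructed here for the demonstration; the matching is exact-host or subdomain only, because a plain substring test would flag look-alike names such as `notkukutrustnet777.info`. Where a C2 host begins with `www.`, the apex domain is added as a second indicator so that DNS lookups or other subdomains of it still hit.

```python
import ipaddress
from urllib.parse import urlparse

# C2 URLs exactly as listed in the extracted Sality config above.
C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
    "http://klkjwre77638dfqwieuoi888.info/",
]

# Constructed proxy log lines for the demonstration (not from the report).
# Layout assumed here: "<timestamp> <client_ip> <method> <target> <status>"
SAMPLE_PROXY_LOG = """\
2022-11-06T16:01:02Z 10.0.0.12 GET http://kukutrustnet777.info/home.gif 200
2022-11-06T16:01:05Z 10.0.0.12 GET http://89.119.67.154/testo5/ 404
2022-11-06T16:01:09Z 10.0.0.15 GET https://www.microsoft.com/ 200
2022-11-06T16:02:00Z 10.0.0.20 GET http://notkukutrustnet777.info/x 200
2022-11-06T16:02:30Z 10.0.0.12 CONNECT cdn.klkjwre9fqwieluoi.info:443 200
"""


def target_host(target):
    """Host part of a proxy log target: a full URL or a CONNECT host:port."""
    if "://" in target:
        return urlparse(target).hostname
    return target.rsplit(":", 1)[0] or None


def split_indicators(urls):
    """Split C2 URLs into a set of IP addresses and a set of domains.
    For a 'www.' host the apex domain is added as well, so queries for the
    bare domain or for other subdomains of it are still matched."""
    ips, domains = set(), set()
    for url in urls:
        host = urlparse(url).hostname
        if host is None:
            continue
        try:
            ipaddress.ip_address(host)
            ips.add(host)
            continue
        except ValueError:
            pass
        host = host.lower()
        domains.add(host)
        if host.startswith("www."):
            domains.add(host[4:])
    return ips, domains


def host_matches(host, domains):
    """Exact or subdomain match only: no substring matching, so a name like
    'notkukutrustnet777.info' does not produce a false positive."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_proxy_log(text, ips, domains):
    """Return (timestamp, client_ip, host) for every line whose target is a C2 indicator."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        ts, client, _method, target, _status = parts[:5]
        host = target_host(target)
        if host and (host in ips or host_matches(host, domains)):
            hits.append((ts, client, host))
    return hits


if __name__ == "__main__":
    c2_ips, c2_domains = split_indicators(C2_URLS)
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, c2_ips, c2_domains):
        print("C2 contact:", *hit)
```

Against the constructed log this reports three contacts (the `kukutrustnet777.info` GET, the GET to `89.119.67.154`, and the CONNECT to a subdomain of `klkjwre9fqwieluoi.info`) and ignores the look-alike domain. Feed a real proxy export into `scan_proxy_log` with its own field order adjusted in the unpacking line.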

Signatures

  • Ramnit

    Ramnit is a versatile malware family comprising viruses, worms, and Trojans.

  • Sality

    Sality is a backdoor written in C++, first discovered in 2003.

  • Windows security bypass (2 TTPs, 6 IoCs)
  • Disables RegEdit via registry modification (1 IoC)
  • Disables Task Manager via registry modification
  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Loads dropped DLL (1 IoC)
  • Windows security modification (2 TTPs, 7 IoCs)
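
The "UPX packed file" signature above matches stock and modified UPX. The following Python is an added example (not tria.ge's detection logic) of the two checks a triage script typically combines for this: the stock `UPX0`/`UPX1`/`UPX2` section names, and the structural tell that survives when a modified packer renames sections, namely a first section with no raw data on disk but a large virtual size into which the stub decompresses the original image at run time. `build_fake_pe` constructs minimal, non-executable PE headers purely as test input; it is not a real binary and not the sample from this report.

```python
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data):
    """Parse the section table of a PE image held in memory.
    Returns a list of (name, virtual_size, size_of_raw_data) tuples and
    raises ValueError for anything that is not a well-formed PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    if coff + 20 > len(data):
        raise ValueError("truncated COFF header")
    (_machine, nsections, _ts, _symptr, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name = data[off:off + 8].rstrip(b"\0")
        virtual_size, _rva, raw_size, _raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, virtual_size, raw_size))
    return sections


def upx_indicators(data):
    """Two independent packer signals:
    - the stock UPX section names UPX0/UPX1(/UPX2);
    - a first section with no raw data but a non-zero virtual size, which is
      where the stub unpacks the original image and which is still present
      when a modified UPX build renames the sections."""
    sections = pe_sections(data)
    names = {s[0] for s in sections}
    first = sections[0] if sections else None
    return {
        "upx_section_names": bool(names & UPX_SECTION_NAMES),
        "empty_first_section": bool(first and first[2] == 0 and first[1] > 0),
    }


def build_fake_pe(sections):
    """Construct a minimal, non-executable PE header for testing (not a real
    binary): DOS header, PE signature, COFF header, zeroed PE32 optional
    header, then one 40-byte section header per (name, virtual_size, raw_size)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table = b""
    for name, vsize, rawsize in sections:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", vsize, 0x1000, rawsize, 0x400) + b"\0" * 16
    return dos + b"PE\0\0" + coff + opt + table


if __name__ == "__main__":
    packed = build_fake_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0x8000, 0x7A00), (b".rsrc", 0x1000, 0x600)])
    renamed = build_fake_pe([(b".text", 0x20000, 0), (b".data", 0x8000, 0x7A00)])
    print("stock UPX layout:", upx_indicators(packed))
    print("renamed sections:", upx_indicators(renamed))
```

For a file on disk call `upx_indicators(open(path, "rb").read())`. Treat either flag as a reason to unpack before static analysis rather than as proof of malice: UPX is used by plenty of legitimate software, and the empty-first-section heuristic also fires for other packers that reserve an unpacking region.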

Processes

  • C:\Users\Admin\AppData\Local\Temp\d9432f096c58b8a0a36f27dfd0694df3cda62c1aee4fc791546d28bb531289ae.exe
    "C:\Users\Admin\AppData\Local\Temp\d9432f096c58b8a0a36f27dfd0694df3cda62c1aee4fc791546d28bb531289ae.exe"
    • Windows security bypass
    • Disables RegEdit via registry modification
    • Loads dropped DLL
    • Windows security modification
    PID:1728
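
The process above is flagged for disabling RegEdit and Task Manager through the registry. The following Python is an added example (not tria.ge's signature logic) of how a responder checks a host for the same tampering. The value names `DisableRegistryTools` and `DisableTaskMgr` under `Software\Microsoft\Windows\CurrentVersion\Policies\System` are the standard Windows policy values for those two restrictions; the report page does not name them, so they are supplied here from Windows documentation rather than from the sample. The evaluation function takes a plain dictionary, so it can be unit-tested anywhere; the `winreg` collector only runs on Windows.

```python
import sys

POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Standard Windows policy values (not taken from the report page):
# a non-zero REG_DWORD switches the restriction on.
TAMPER_VALUES = {
    "DisableRegistryTools": "Registry Editor disabled",
    "DisableTaskMgr": "Task Manager disabled",
}


def evaluate_policy_values(values):
    """values: {value_name: data} as read from Policies\\System.
    A value counts as a finding when it is a non-zero integer; DisableRegistryTools
    is 1 or 2 for the two blocking modes, 0 or absent means the tool is allowed."""
    findings = []
    for name, label in TAMPER_VALUES.items():
        data = values.get(name)
        if isinstance(data, int) and data != 0:
            findings.append(f"{label} ({name}={data})")
    return findings


def read_policy_values(hive_name):
    """Enumerate the Policies\\System values from the live registry (Windows only).
    hive_name is 'HKEY_CURRENT_USER' or 'HKEY_LOCAL_MACHINE'."""
    import winreg  # only importable on Windows

    hive = getattr(winreg, hive_name)
    values = {}
    try:
        with winreg.OpenKey(hive, POLICY_KEY) as key:
            index = 0
            while True:
                try:
                    name, data, _type = winreg.EnumValue(key, index)
                except OSError:
                    break  # no more values
                values[name] = data
                index += 1
    except FileNotFoundError:
        pass  # key absent: no policy set, nothing to report
    return values


def check_live_system():
    """Findings per hive; HKCU is where a user-level infection like this one writes,
    HKLM is where a domain policy would legitimately set the same values."""
    return {
        hive: evaluate_policy_values(read_policy_values(hive))
        for hive in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE")
    }


if __name__ == "__main__":
    if sys.platform != "win32":
        print("live registry check needs Windows; evaluate_policy_values() runs anywhere")
    else:
        for hive, findings in check_live_system().items():
            print(hive, findings or "clean")
```

Before treating a hit as malicious, confirm the value is not delivered by Group Policy: managed environments set exactly these values deliberately, and an unmanaged workstation with them present in HKCU is the suspicious case. Deleting the values with `reg delete` only helps once the infected process is gone, since the sample can simply write them again while it runs.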

Network

  • 20.42.73.25:443
    322 B
    7

No results found

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~TMCDC4.tmp

    Filesize

    1.6MB

    MD5

    4f3387277ccbd6d1f21ac5c07fe4ca68

    SHA1

    e16506f662dc92023bf82def1d621497c8ab5890

    SHA256

    767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac

    SHA512

    9da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219

  • memory/1728-132-0x00000000023C0000-0x000000000344E000-memory.dmp

    Filesize

    16.6MB

  • memory/1728-133-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

  • memory/1728-134-0x00000000023C0000-0x000000000344E000-memory.dmp

    Filesize

    16.6MB

  • memory/1728-135-0x00000000021F0000-0x000000000222E000-memory.dmp

    Filesize

    248KB

  • memory/1728-137-0x00000000023C0000-0x000000000344E000-memory.dmp

    Filesize

    16.6MB

  • memory/1728-138-0x0000000077DB0000-0x0000000077F53000-memory.dmp

    Filesize

    1.6MB
