Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

95c505f52f...2f.exe

windows7-x64

10

95c505f52f...2f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/11/2022, 08:38 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95c505f52f385b48fa894e7cc2dad56803dcb92b163c44429dbed93425da842f.exe

  • Size

    225KB

  • MD5

    1f2786d0fe0ed113cae59a1affcfc101

  • SHA1

    da9194f0701bc17cbb0337f1da947e7752544e7c

  • SHA256

    95c505f52f385b48fa894e7cc2dad56803dcb92b163c44429dbed93425da842f

  • SHA512

    437241f01c90de4a7ed72e2e762faa8717147516601d74ede0420736b0e69ec3bef23d04b533e46621c4fb840f24768bf837fa712bb7d5545d204f9d4c94a0e4

  • SSDEEP

    6144:ICnE9ChWTIykxQi/TB4mjCdugLZFutQze7AWP:c9ChWBuQi/TORp9gazfm

Score
10/10
salitybackdoorupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95c505f52f385b48fa894e7cc2dad56803dcb92b163c44429dbed93425da842f.exe
    "C:\Users\Admin\AppData\Local\Temp\95c505f52f385b48fa894e7cc2dad56803dcb92b163c44429dbed93425da842f.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4608

Network

  • flag-unknown
    DNS
    15.89.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.89.54.20.in-addr.arpa
    IN PTR
    Response
  • 209.197.3.8:80
    260 B
     5
  • 209.197.3.8:80
    322 B
     7
  • 40.125.122.151:443
    260 B
     5
  • 209.197.3.8:80
    322 B
     7
  • 8.8.8.8:53
    15.89.54.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    15.89.54.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4608-133-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/4608-132-0x0000000002570000-0x00000000035FE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/4608-134-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/4608-135-0x0000000002570000-0x00000000035FE000-memory.dmp

    Filesize

    16.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.