Analysis

  • max time kernel
    92s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/02/2024, 21:49

General

  • Target

    d5bae10781e1ebf936daedf1e3e11a1e2fff0c7ce2844173c19b4424e0f325f2.exe

  • Size

    3.3MB

  • MD5

    a7bf9a75dc4aaf39cec76789fc3aa033

  • SHA1

    6cf2a2183f7ee1754bc6969d8178ba3516e3c3d5

  • SHA256

    d5bae10781e1ebf936daedf1e3e11a1e2fff0c7ce2844173c19b4424e0f325f2

  • SHA512

    43cf01b3386d87a338076101a19b4a8be4a63dac46f4f4a000aaf75398f71c1b0d755d33e5b39985dac89c9662755ac4237ffba0415be67ef7cef0246b39afcc

  • SSDEEP

    3072:VJ4v9Fiysia/8Qf5v4d0mXj2oLprC66Gt/:O9FiysN8MZ45jj1/l

Score
10/10

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

  • Sality

    Sality is a backdoor written in C++, first discovered in 2003.

  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5bae10781e1ebf936daedf1e3e11a1e2fff0c7ce2844173c19b4424e0f325f2.exe
    "C:\Users\Admin\AppData\Local\Temp\d5bae10781e1ebf936daedf1e3e11a1e2fff0c7ce2844173c19b4424e0f325f2.exe"
    PID: 3336

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3336-0-0x0000000000400000-0x0000000000418000-memory.dmp
    Filesize: 96KB

  • memory/3336-2-0x0000000000400000-0x0000000000418000-memory.dmp
    Filesize: 96KB

  • memory/3336-1-0x0000000000BF0000-0x0000000001CAA000-memory.dmp
    Filesize: 16.7MB