Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/02/2024, 23:39

General

  • Target

    4130b4af49fedcd8e37aaf360cc737e0f335ccf4bff1d0e8c1f3fac25fdc7ecd.exe

  • Size

    450KB

  • MD5

    0ab4d232f8d63b697e18b79a1ee0dbed

  • SHA1

    5668bbbd1bee1befdcbf4fb79ccfeb0d8330f745

  • SHA256

    4130b4af49fedcd8e37aaf360cc737e0f335ccf4bff1d0e8c1f3fac25fdc7ecd

  • SHA512

    89f5e7beff0cc79e4436b2bb7cc16ed9d3d2e484732d0fa22ac5dce2c6a44471c9dc734d3467d51e0caba0fc8c6ca4a0feb7a077d53bc6f3a7b37a7ab092ffe6

  • SSDEEP

    6144:3EFGR0bUhHGTE+DCf1iMksZBweViwksgpkFFebc2s5HVeseAOsHqwtmcLY2Th0J7:bheE+DCf1iMksDweD1jHYwvtmcLPhp

Score
10/10

Malware Config

Extracted

Family

sality

C2

  • http://89.119.67.154/testo5/
  • http://kukutrustnet777.info/home.gif
  • http://kukutrustnet888.info/home.gif
  • http://kukutrustnet987.info/home.gif

Signatures

  • Sality

    Sality is a backdoor written in C++, first discovered in 2003.

  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4130b4af49fedcd8e37aaf360cc737e0f335ccf4bff1d0e8c1f3fac25fdc7ecd.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\4130b4af49fedcd8e37aaf360cc737e0f335ccf4bff1d0e8c1f3fac25fdc7ecd.exe"
    PID: 1468

Downloads

  • memory/1468-0-0x0000000000400000-0x0000000000476000-memory.dmp (Filesize: 472KB)
  • memory/1468-1-0x0000000002340000-0x00000000033FA000-memory.dmp (Filesize: 16.7MB)
  • memory/1468-2-0x0000000000400000-0x0000000000476000-memory.dmp (Filesize: 472KB)