Overview

overview

10

Static

static

3

72e51dd5df...fe.exe

windows7-x64

3

72e51dd5df...fe.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-03-2024 14:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    72e51dd5dfd89390290274a3eb4e3c2e5acbc8321c7b040b8769af7dd7f4f1fe.exe

  • Size

    3.2MB

  • MD5

    594da658453b4ecb2fdc74df71f434b5

  • SHA1

    b9633e10c5d4c94f8ac8b0866adb012005deab5e

  • SHA256

    72e51dd5dfd89390290274a3eb4e3c2e5acbc8321c7b040b8769af7dd7f4f1fe

  • SHA512

    f504a8f394bbb049aabf479f462a9c318d0fa9d2efee8d4daf06303c65c33c406f01f3262c48a6caa4802ef2d1e8e3e0ed40f38a1910d8afb66c96e6d878824f

  • SSDEEP

    98304:JqcHd9dChDBdG26666666666666666666666666666666x666666666666666fw8:JqcHZChfGcwM0lq

Score
10/10
salitybackdoorupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\72e51dd5dfd89390290274a3eb4e3c2e5acbc8321c7b040b8769af7dd7f4f1fe.exe
    "C:\Users\Admin\AppData\Local\Temp\72e51dd5dfd89390290274a3eb4e3c2e5acbc8321c7b040b8769af7dd7f4f1fe.exe"
    1⤵
      PID:4996
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 504
        2⤵
        • Program crash
        PID:464
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4996 -ip 4996
      1⤵
        PID:4924

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4996-0-0x0000000000400000-0x000000000073C000-memory.dmp

        Filesize

        3.2MB

        Download

      • memory/4996-1-0x0000000002630000-0x00000000036EA000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/4996-2-0x0000000000400000-0x000000000073C000-memory.dmp

        Filesize

        3.2MB

        Download