Analysis
-
max time kernel
45s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted
29/04/2024, 16:11
Static task
static1
1 signature
Behavioral task
behavioral1
Sample
salinewin.exe-Malware-main.zip
Resource
win7-20231129-en
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
salinewin.exe-Malware-main.zip
Resource
win10v2004-20240419-en
0 signatures
150 seconds
General
-
Target
salinewin.exe-Malware-main.zip
-
Size
12.1MB
-
MD5
c8bf514a334eaa148cb3c6135c2fb394
-
SHA1
0e47a89c3729db5a6f195c6abb04e5129d788df8
-
SHA256
9127560918eaefe69f1959bcb7f7e13b7e3a7ac156b564922829faaec9b96f67
-
SHA512
9879a258f429ef492cf495dbddd4f2b9c9fbc061e325aa8ad870ed05049b7ad595b26d223d20c55fc99f403fc9b5d0235353d71bf5d9a39ee4462838feb247ff
-
SSDEEP
393216:HWK1J5ZA1mZ7oIWBb/P6VyeOgMt29aiGwLp7:H/V61mZUIWBbXkyeOh6a8Lp7
Score
1/10 (every signature hit below is attributed to taskmgr.exe, PID 1036, the sandbox's own Task Manager instance, not to the submitted archive)
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 15 IoCs
pid Process: 1036 taskmgr.exe (15 identical entries)
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1036 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1036 taskmgr.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process: 1036 taskmgr.exe (25 identical entries)
Suspicious use of SendNotifyMessage 25 IoCs
pid Process: 1036 taskmgr.exe (25 identical entries)
Processes
-
C:\Windows\Explorer.exe
Command line: C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\salinewin.exe-Malware-main.zip
PID:2888
-
C:\Windows\explorer.exe
Command line: "C:\Windows\explorer.exe"
PID:2380
-
C:\Windows\system32\taskmgr.exe
Command line: "C:\Windows\system32\taskmgr.exe" /4
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1036
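A small triage helper, added here as an example and not part of the report or of the sandbox's own tooling. It parses the flattened signature rows ("pid Process 1036 taskmgr.exe 1036 taskmgr.exe ...") and the glued-together process tree rows in the layout shown above, then answers the two questions a practitioner wants settled before trusting a 1/10 score: did any signature fire in a process other than the sandbox's own tooling, and did the sample itself ever run as a process? The excerpt it parses is constructed by hand in the same layout; the tooling list and the assumption that the tree nesting depth is a single digit are mine.

```python
import re
from collections import defaultdict

# Constructed excerpt, typed by hand in the flattened layout of the report
# above; it is sample input for this example only, not scraped output.
REPORT = r"""Signatures
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 1036 taskmgr.exe 1036 taskmgr.exe 1036 taskmgr.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1036 taskmgr.exe
Processes
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\salinewin.exe-Malware-main.zip1⤵PID:2888
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
PID:1036
"""

# Processes the sandbox starts itself to open or watch a sample (assumed list);
# signature hits that come only from these say nothing about the sample.
SANDBOX_TOOLING = {"explorer.exe", "taskmgr.exe"}

SIG_RE = re.compile(r"^Suspicious (?:behavior|use of)[: ]+(\S+) (\d+) IoCs?$")
HIT_RE = re.compile(r"(\d+) (\S+\.exe)")
# One flattened tree row: image path glued to the command line, a single-digit
# nesting depth (assumption) before the arrow, and optionally the PID inline.
PROC_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\[^"]*?\.exe)(?P<cmd>.*?)(?P<depth>\d)⤵(?:PID:(?P<pid>\d+))?$'
)
PID_RE = re.compile(r"^PID:(\d+)$")


def parse_signatures(text):
    """Map signature name -> {process image name: hit count}.

    Also checks that the number of (pid, process) pairs in the row below the
    header matches the 'N IoCs' count the report declares.
    """
    out = defaultdict(lambda: defaultdict(int))
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = SIG_RE.match(line)
        if not m or i + 1 >= len(lines):
            continue
        name, declared = m.group(1), int(m.group(2))
        hits = HIT_RE.findall(lines[i + 1])
        if len(hits) != declared:
            raise ValueError(f"{name}: declared {declared} IoCs, parsed {len(hits)}")
        for _pid, proc in hits:
            out[name][proc.lower()] += 1
    return {k: dict(v) for k, v in out.items()}


def parse_processes(text):
    """Rebuild the process tree rows: image path, command line, depth, PID.

    The PID may be on the same line as the row or on a later 'PID:n' line
    after the row's signature bullets; the second case fills the latest row.
    """
    procs = []
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            procs.append({
                "path": m["path"],
                "cmdline": m["cmd"].strip(),
                "depth": int(m["depth"]),
                "pid": int(m["pid"]) if m["pid"] else None,
            })
            continue
        p = PID_RE.match(line)
        if p and procs and procs[-1]["pid"] is None:
            procs[-1]["pid"] = int(p.group(1))
    return procs


def triage(text, sample_name, tooling=SANDBOX_TOOLING):
    """Summarise which processes fired signatures and whether the sample ran."""
    sigs = parse_signatures(text)
    procs = parse_processes(text)
    hit_procs = {proc for per_proc in sigs.values() for proc in per_proc}
    # The sample "ran" only if it is the image of some process, not merely an
    # argument on another process's command line (as with Explorer /idlist).
    sample_ran = any(sample_name.lower() in p["path"].lower() for p in procs)
    outside = sorted(hit_procs - {t.lower() for t in tooling})
    if outside or sample_ran:
        verdict = "review: behaviour not fully explained by sandbox tooling"
    else:
        verdict = "no behaviour attributable to the sample; hits come from sandbox tooling only"
    return {
        "signatures": sigs,
        "processes": procs,
        "hits_outside_tooling": outside,
        "sample_executed": sample_ran,
        "verdict": verdict,
    }


if __name__ == "__main__":
    result = triage(REPORT, "salinewin.exe-Malware-main.zip")
    for name, per_proc in result["signatures"].items():
        print(f"{name}: {per_proc}")
    for p in result["processes"]:
        print(f"PID {p['pid']} depth {p['depth']}: {p['cmdline']}")
    print(result["verdict"])
```

The declared-count check matters when the rows are hand-copied or truncated: a mismatch means the row was cut and the per-process totals cannot be trusted. For a real report, point `triage()` at the signature and process sections of the page rather than the constructed excerpt.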