Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18-05-2024 08:18
General
-
Target
84051e329589ab9f7477881ce83eff030fdf9aef25cc218ed8d204498c71d630.exe
-
Size
2.3MB
-
MD5
afc9983c53cb1cf1499744e352d55495
-
SHA1
def7a0a8fe04e85b78784f2bf4085b4336f87e5b
-
SHA256
84051e329589ab9f7477881ce83eff030fdf9aef25cc218ed8d204498c71d630
-
SHA512
ebde26f7244388f745ead564445b460cb7cc2dfc2162ed16fabc1eff7bbadcd77ea4f29de17c1ac20c2aaf04252d373aafe91861a5a7827c57157dc4dcd8ab2c
-
SSDEEP
49152:JvggggMYMb0aDsQ1FTw5GbFp0whdZSjYKP/hVY7kXE7PO:JUb0aDfssbFpbUYghO
Score
10/10
Malware Config
Extracted
Family
sality
C2
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Signatures
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\84051e329589ab9f7477881ce83eff030fdf9aef25cc218ed8d204498c71d630.exe"C:\Users\Admin\AppData\Local\Temp\84051e329589ab9f7477881ce83eff030fdf9aef25cc218ed8d204498c71d630.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2364-0-0x0000000000400000-0x0000000000646000-memory.dmpFilesize
2.3MB
-
memory/2364-2-0x00000000020B0000-0x000000000316A000-memory.dmpFilesize
16.7MB
-
memory/2364-3-0x0000000000400000-0x0000000000646000-memory.dmpFilesize
2.3MB