Overview

overview

8

Static

static

3

salinewin-...ty.exe

windows7-x64

1

salinewin-...ty.exe

windows10-2004-x64

1

salinewin/...te.bat

windows7-x64

1

salinewin/...te.bat

windows10-2004-x64

1

salinewin/...DL.dll

windows7-x64

1

salinewin/...DL.dll

windows10-2004-x64

1

salinewin/...-4.dll

windows7-x64

3

salinewin/...-4.dll

windows10-2004-x64

3

salinewin/...mu.exe

windows7-x64

1

salinewin/...mu.exe

windows10-2004-x64

1

salinewin/...ss.exe

windows7-x64

1

salinewin/...ss.exe

windows10-2004-x64

1

salinewin/...sm.exe

windows7-x64

1

salinewin/...sm.exe

windows10-2004-x64

1

salinewin/...in.exe

windows7-x64

7

salinewin/...in.exe

windows10-2004-x64

7

salinewin/...bin.py

windows7-x64

3

salinewin/...bin.py

windows10-2004-x64

3

salinewin/...in.exe

windows7-x64

8

salinewin/...in.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    145s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    26-05-2024 16:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    salinewin/PayloadMBR/Create.bat

  • Size

    397B

  • MD5

    61e988b23f22b1c21626df02ca92b010

  • SHA1

    bd60038f968325dbe556f583d0ae7ea306c6d332

  • SHA256

    05a3a4faa2422e5d923439f6bafb331e0c1a2a2a334f376bdda6a49feef90e09

  • SHA512

    cbc564bd2af5b901cacb2114ab26a4dce12575a3e6a2fb20547adfef0605b2481020faa9837556fcec3fbecee146ce373905535f58c86a8f1d81e624574b2538

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\salinewin\PayloadMBR\Create.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Users\Admin\AppData\Local\Temp\salinewin\PayloadMBR\Programs\QEMU\qemu.exe
      Programs\QEMU\qemu -s -soundhw pcspk -fda disk.img
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2760-0-0x0000000003150000-0x0000000005151000-memory.dmp

    Filesize

    32.0MB

    Download

  • memory/2760-1-0x0000000000C61000-0x0000000000C62000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2760-2-0x0000000000400000-0x0000000000C98000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/2760-3-0x0000000000400000-0x0000000000C98000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/2760-6-0x0000000070800000-0x0000000070840000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2760-4-0x0000000000400000-0x0000000000C98000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/2760-7-0x0000000000400000-0x0000000000C98000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/2760-10-0x0000000000400000-0x0000000000C98000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/2760-13-0x0000000000400000-0x0000000000C98000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/2760-16-0x0000000000400000-0x0000000000C98000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/2760-19-0x0000000000400000-0x0000000000C98000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/2760-22-0x0000000000400000-0x0000000000C98000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/2760-25-0x0000000000400000-0x0000000000C98000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/2760-28-0x0000000000400000-0x0000000000C98000-memory.dmp

    Filesize

    8.6MB

    Download

  • memory/2760-31-0x0000000000400000-0x0000000000C98000-memory.dmp

    Filesize

    8.6MB

    Download