c7070b6c4f86315a7f441104c11cfa075d199d10f58d4a6def42e0fba3834426

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Salad.exe
Size

2.7MB
MD5

839ddeb57dce73e6f354499323933378
SHA1

bb4b28011018e51adb9a5310ec54fcf9a2cecf51
SHA256

c7070b6c4f86315a7f441104c11cfa075d199d10f58d4a6def42e0fba3834426
SHA512

aa75ec396f34e097226c5c03dce99f1c356117e49e2a1ee42c675352730b1d5f96224e798b63bd45da539dbc102d3a0f77f4491910b9ccdba138ca9f226ab47d
SSDEEP

49152:NOJvFeII+PiGd/Mx9kmMzWut9qYR9kqXfd+/9ATrgBWBKH8jkDVFCNXODzWS9HfO:NOJvF6wiG5/Wg9q+9kqXf0F9+KH4kpcR

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2496	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2496	AUDIODG.EXE
Token: 33	2496	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2496	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2104	Salad.exe
2104	Salad.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 3024	2104	Salad.exe	29
PID 2104 wrote to memory of 3024	2104	Salad.exe	29
PID 2104 wrote to memory of 3024	2104	Salad.exe	29

C:\Users\Admin\AppData\Local\Temp\Salad.exe
"C:\Users\Admin\AppData\Local\Temp\Salad.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2104 -s 880
  2⤵
  PID:3024

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2796

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x464
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Settings\TopMost.txt

Filesize
5B

MD5
68934a3e9455fa72420237eb05902327

SHA1
7cb6efb98ba5972a9b5090dc2e517fe14d12cb04

SHA256
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa

SHA512
719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d

Download Submit
memory/2104-4-0x000000001F720000-0x000000001FB26000-memory.dmp

Filesize
4.0MB

Download
memory/2104-26-0x0000000000DD0000-0x0000000000DDA000-memory.dmp

Filesize
40KB

Download
memory/2104-3-0x000007FEF4C90000-0x000007FEF567C000-memory.dmp

Filesize
9.9MB

Download
memory/2104-0-0x000007FEF4C93000-0x000007FEF4C94000-memory.dmp

Filesize
4KB

Download
memory/2104-5-0x000007FEF4C90000-0x000007FEF567C000-memory.dmp

Filesize
9.9MB

Download
memory/2104-6-0x000007FEF4C90000-0x000007FEF567C000-memory.dmp

Filesize
9.9MB

Download
memory/2104-2-0x0000000000D70000-0x0000000000DB2000-memory.dmp

Filesize
264KB

Download
memory/2104-18-0x0000000000DB0000-0x0000000000DBE000-memory.dmp

Filesize
56KB

Download
memory/2104-7-0x0000000000DC0000-0x0000000000DC8000-memory.dmp

Filesize
32KB

Download
memory/2104-19-0x0000000002840000-0x00000000028D4000-memory.dmp

Filesize
592KB

Download
memory/2104-1-0x0000000000F10000-0x00000000011CA000-memory.dmp

Filesize
2.7MB

Download
memory/2104-27-0x000007FEF4C90000-0x000007FEF567C000-memory.dmp

Filesize
9.9MB

Download
memory/2104-28-0x000007FEF4C93000-0x000007FEF4C94000-memory.dmp

Filesize
4KB

Download
memory/2104-29-0x000007FEF4C90000-0x000007FEF567C000-memory.dmp

Filesize
9.9MB

Download
memory/2104-30-0x000007FEF4C90000-0x000007FEF567C000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads