Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
06/12/2024, 19:26
General
-
Target
5bd604b845ec9a4248c28867e260be160370dce930022852ffd79615ffd00144.exe
-
Size
539KB
-
MD5
0f2d835e2c7a9abd3d30ab1786e023ae
-
SHA1
6b8c142b3cacef5522e556935be50c9c11421a32
-
SHA256
5bd604b845ec9a4248c28867e260be160370dce930022852ffd79615ffd00144
-
SHA512
159ea5b4c13d268c181952bccc50624dae89d1276a7ada3590381229345f1b15b328f5d0551612ae732c4ed33e055c482fcfe5f5aec83e38d9873aaa9336554b
-
SSDEEP
6144:4+n0XNhjU4yOrDP6wm6PK1w2j4E+QNCHnAoOgr5IKdAOe0SOu14peFXuf1BN1/TS:4jhjNXP7hE+aVoOgr5IKdiOuiKABO
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Signatures
-
Modifies firewall policy service 3 TTPs 3 IoCs
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
Sality family
-
UAC bypass 3 TTPs 1 IoCs
-
Windows security bypass 2 TTPs 6 IoCs
-
Windows security modification 2 TTPs 7 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System policy modification 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5bd604b845ec9a4248c28867e260be160370dce930022852ffd79615ffd00144.exe"C:\Users\Admin\AppData\Local\Temp\5bd604b845ec9a4248c28867e260be160370dce930022852ffd79615ffd00144.exe"1⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- System policy modification
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
496KB
-
Filesize
496KB
-
Filesize
16.7MB
-
Filesize
16.7MB