Analysis
  max time kernel:  119s
  max time network: 121s
  platform:         windows7_x64
  resource:         win7-20241023-en
  resource tags:    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  submitted:        13-12-2024 11:14
  Static task:      static1
  Behavioral task:  behavioral1
  Sample:           d31bb5650f7a0289497bfc3d0513d549298faad1e41334f59cf7adb461128b64.exe
  Resource:         win7-20241023-en
General
  Target: d31bb5650f7a0289497bfc3d0513d549298faad1e41334f59cf7adb461128b64.exe
  Size:   3.5MB
  MD5:    d625b816b2bccc20f04bcb268d08515d
  SHA1:   73156b83060e5b601507356ade0cd3adfa700fba
  SHA256: d31bb5650f7a0289497bfc3d0513d549298faad1e41334f59cf7adb461128b64
  SHA512: 3c6401d8b36d7e49663e00bb4e697b483bd046e174969260c112529e67b9023ac07237be9e51feab4a551b71ee6e4f278e2b8847dc2c3aa45c8101e5d81a7af7
  SSDEEP: 98304:Y/bkbIgS8LUFIEUy2NDHgvS+p/xYbKBNh:YAcgS84Untmp/cc
Malware Config (Extracted)
  Family: sality
  URLs:
    http://89.119.67.154/testo5/
    http://kukutrustnet777.info/home.gif
    http://kukutrustnet888.info/home.gif
    http://kukutrustnet987.info/home.gif
Signatures

Sality family

  resource                                                                    | yara_rule
  behavioral1/memory/1596-3-0x0000000000CD0000-0x0000000001D8A000-memory.dmp | upx
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim host in order to infer its geographical location.

  description | ioc                                                         | Process
  Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | d31bb5650f7a0289497bfc3d0513d549298faad1e41334f59cf7adb461128b64.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)

  pid  | Process
  1596 | d31bb5650f7a0289497bfc3d0513d549298faad1e41334f59cf7adb461128b64.exe
  1596 | d31bb5650f7a0289497bfc3d0513d549298faad1e41334f59cf7adb461128b64.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\d31bb5650f7a0289497bfc3d0513d549298faad1e41334f59cf7adb461128b64.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\d31bb5650f7a0289497bfc3d0513d549298faad1e41334f59cf7adb461128b64.exe"
   PID: 1596
   - System Location Discovery: System Language Discovery
   - Suspicious behavior: EnumeratesProcesses