Overview

overview

10

Static

static

3

e555164691...bc.exe

windows7-x64

10

e555164691...bc.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27-12-2024 03:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e555164691b6b316c0e2f0c9295e6689fc706dca2f91a22cfd300eb9fa889bbc.exe

  • Size

    288KB

  • MD5

    2b49c7724c44a38cbb034222c06b4065

  • SHA1

    7610e59ecb6f05878352e36ac77605116568209f

  • SHA256

    e555164691b6b316c0e2f0c9295e6689fc706dca2f91a22cfd300eb9fa889bbc

  • SHA512

    f3cbde7b43caf5ac61983e752165b0674abf64aaa591a6184ac88aff43ff69bb39172eeec8f4dca8b0dc45ff209dc7447e29f55915c5af1f929f3e38ada8f62d

  • SSDEEP

    6144:UefmGwhmyO9ik96bDMe2mqVzNudSNbzag148eYj/axQ:UTGeE96P499hBW04oj/a+

Score
10/10
salitybackdoordiscoveryevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

  • Modifies firewall policy service 3 TTPs 3 IoCs
    evasion
  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • Sality family
    sality
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 6 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 7 IoCs
    evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
      PID:1116
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1172
      • C:\Windows\Explorer.EXE
        C:\Windows\Explorer.EXE
        1⤵
          PID:1236
          • C:\Users\Admin\AppData\Local\Temp\e555164691b6b316c0e2f0c9295e6689fc706dca2f91a22cfd300eb9fa889bbc.exe
            "C:\Users\Admin\AppData\Local\Temp\e555164691b6b316c0e2f0c9295e6689fc706dca2f91a22cfd300eb9fa889bbc.exe"
            2⤵
            • Modifies firewall policy service
            • UAC bypass
            • Windows security bypass
            • Windows security modification
            • Checks whether UAC is enabled
            • Enumerates connected drives
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:2148
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe" http://qqgame.qq.com
              3⤵
              • Modifies Internet Explorer settings
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:2828
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2
                4⤵
                • System Location Discovery: System Language Discovery
                • Modifies Internet Explorer settings
                • Suspicious use of SetWindowsHookEx
                PID:2612
        • C:\Windows\system32\DllHost.exe
          C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
          1⤵
            PID:2040

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            33c94374d444ca129e0596df6a4eb121

            SHA1

            1dad9f0e86864a49379dc317dccb11c3871ac95a

            SHA256

            3bc327ce894699bd59b1e4123379f5bef106d800db162cadff7232a0ba395448

            SHA512

            669fbdd633f7c2d5380477a85433eb32cb11c1a271f7900c1d8ece6ccdd35db8ab51cb9a97bb699a9eeb71995db885f703a20f74f51aa4b22b2975ad38ede0a0

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            117495f0242d25645abe9b22df38822d

            SHA1

            0d3068fe0192d9683bdcc90aa42e65727a30e1cf

            SHA256

            ab0446d243154b5e3bfd99825c576785295f1ed0cbd26d7fada225db53867b6e

            SHA512

            85c7d99d54dec559977cb29451a50996c1772592ed717d62ab47ae0e075abc20f4c015147740ded968920e45be073374566c963f69f719422598582a85ee33ce

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            2db58b119ec88cce9256419031b3a658

            SHA1

            02b995981b6aec20dec58967fd9d7f0c2b7f0f58

            SHA256

            1bdc0db6239e42f28ab3f2d5fec5684fb11348127496b0f13f5858b6e47cfd16

            SHA512

            a9bc884a35683f20042ddbef1d2f49e094154ec01eea801a2d995bab011dfd3c96221f3399a4f85fd0c8c75764b72a70a5bd04adaac42ce66fdc98e0d0b8c8cf

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            7957b211a4b9e2a0277aef668e703ea0

            SHA1

            ccbe0e5471fb8615098585c594b3d4059cfe6403

            SHA256

            b1f8b55e99da2fcce7241f0c55b6c1a01a40de78c02e7501bb2046bac5d1fcf1

            SHA512

            8116cfdbc2e3ddacb9d98d832887b65c3f5fee7de3ecaa90b7701f40b48d8c9160b610dde2870c26b8c0df2a252a0242ba9dbbc7be1a929a81eec1ae808753e5

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            b7df49d5ff6702606effc3b74f915471

            SHA1

            51a0adc1df6b20d91faeff571e71e08bfe118e58

            SHA256

            368e6e18262befd5c68d639b98102badcc34fc1992233c232f7610b11cbf6ade

            SHA512

            ad0c17988dc62a930da91df4995da8c78c16f67b18c0de9576f060cec124e7e0f14798e7045762bf19e01cf5c9e1f3225789cda53e31a9d686bb4848d216707d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            6d3c34cb19f1601f2647829295493065

            SHA1

            fdd741dda0e902eb31af5b9e3a194a1b50d93177

            SHA256

            0f4f45fbc906053d1ae9d7b65fd133b42eae2bd4966e9fa710550050630e025d

            SHA512

            e865c234f48d77c4ab07e67f8e33b308a3566742687ac18e5c4c8bcfca919ae28d85d1f7f484b030f4f765509b5bde8096e1b3a550875a840c6e674f60100b06

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            a32e5183c7db04e7a231432ae956f68f

            SHA1

            c60ed5acb899892da96ed704b1615008674e2df5

            SHA256

            808502114aade9ff11c38c859f0807adb2e5cd8d38f15d4595ec49e59cf8689a

            SHA512

            8abd771cfff19068f6fe512fb06a5ecf2c1c2e78e2623592ebca6503c2b5947b02e0d54d36221f72ec3e8fcace4f179cdbbb59c1a8365b537b1d1af31f218c59

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            7fe1d096df2bf9c8fea8226bd8921b7a

            SHA1

            d758ff134d88590c9ba89e69692a41d2e35965e0

            SHA256

            5e69a7a81dcc12ab7ce2ed95968298dfea6108040f363b2543b109c8490f9d6a

            SHA512

            120eed9f64ba0d0d924674890b71b01cb28ea631b272318431bde137c9c29903cae5028a073e37a072a2aca2e9df02b780f367ae753f536763ded5a02b328ecd

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            fb8ae673ee6800c56b72ed5ba374b695

            SHA1

            254a2d0f29392b5ddd68edc663d36ee442047cce

            SHA256

            532f413d2008ca6367d5970a5c335e8a951c0ac4142b2052f299c1f9c1cfb0b6

            SHA512

            7ec340c491e7eb5a8887ed3ebca4c4cc818c0df6ab80041dfbef12b386ab4d051d7b4d14679acf7dacba20a266f53950ec00cf06caabf52c32b0fd8593c451fe

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            e9536a26a00323aa012a7c6b84faf3e8

            SHA1

            45613e89a0af8c8c181dd6baadbf7bffcea42d3d

            SHA256

            da6bb3015600066453291eb5052542e94ac56ebf730ba613ec07855a05dd6e5f

            SHA512

            659555e659444674112b50bd491333a6f310311f677311316e9ca2eab0053815fec0cb0b9a9ae7f430ee0545b9f5d0ae9c7bbc9a3ed608eefebd82d4168a1cf9

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            b23ee7ca7ae7f44942f597a6da9d187a

            SHA1

            30b0f2bb91881cd1fb89da93a946702d8c07553d

            SHA256

            0ce536f81294c209a97e8de5c34d5a5390277fc8ff75570bb8e69528b5e5be18

            SHA512

            9af414d9814d117d0997f7329267e764b2ac39c8439e28380f507d8a2739c0a40d3984df02e5201cdcf842fdccef9b821e1a953cc2a7a9497f13f83560adfac2

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            28709197276020b89cb72b1bc6d9d44c

            SHA1

            2f630dbe7f7f024cf2c2a61826672d633f4856c2

            SHA256

            f0508158eae803628ba543ef228456a45d09d3ccf3619ab7f42f6dfb349184f9

            SHA512

            cfa639496040fbed85541b45025e479c18db4a3a564400221f5c21f575d08d58f0a07dd60481c99c9e991b778e38157779ab349bf579ac4252ab44dc1bd0eb40

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            f6c4b603fe2893bcbe0de479cc9dafe4

            SHA1

            1f6ae33d0f28f91e668ea310cdcf522969a485ae

            SHA256

            58cea513efdd3be5fc39d187822a80bd65f7194630b87157ff95b09525176a33

            SHA512

            9bba791ae72b5db2e62cb908ae2f93f6040b974c6ffb60cd3ffecffc4393bb2fed595253652b58ca17a812d5a4af354bdde2ad7da2fbe1375c130ecb2a697505

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            a9497d38b146f6da0fe2370e26d23a0c

            SHA1

            434b66ee324a58e1ab693674cdd5b7ba913a694f

            SHA256

            2417b1e1d0c996317a5ce6d06819a339ac858051cfdf7c13f9ee32647454af59

            SHA512

            832d034a13ae0a13e7807295885039dad878da153b300414c52eb62999b860c4870b4871c7f54c727fe074b6763a9b1d21b65a99e9c51632973219e29d7fac19

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            a8cc85f77c5a872bf71b904847fb27d0

            SHA1

            581302d45e6dd426e461dc4a113dc4580549be87

            SHA256

            18b7bb26db555a8c9a185c3b32fe7803dc9d9ee37fba007470f2ac45915b4891

            SHA512

            7c670a3e4939805055fae44cab54e416a5e1180b83a1270145ebc744c8f5b56bcdb89c71b7764053716ddc36671f7d99fd1fa17aab60d6beb1e287ee54010d57

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            1638c76c33358c2e6f795dba03085954

            SHA1

            72f2c6b88acaf382b453a909388fe32e4c261eaa

            SHA256

            368e614f659ca36518ec216c8d35b7353d70c39b1c92aebb2eafafc392d2d981

            SHA512

            dc1264ac43dbeebfc724c78650ab2e69b0efb4c0b33fbae4b44f6ed3a4abd9258e653268a4974a6a45a42ab5eb9d53ada5453ffea99c1754baef120b8cd03087

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            def20638158fa8cad50eac6d7a39c1a8

            SHA1

            41d2f06d0d2acf90fac95516c0bc5a8c3ddf53c5

            SHA256

            9d1d59f52f4f8cce85e791541ea1d6372be8c31ff2239e7fede7f29255c70868

            SHA512

            1ed4bf449f5afb611f9f57f1c794fa594d75e7969edfd7be733000c81af85e2487202feff11aa9bbc8fb020d2e81cf85aef7fce965041bfcdc697c571eddc99a

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            2c76efe0b814a14094772e3185c1aa75

            SHA1

            b0ae1ec2e6ad8db154ab287139e6789ac75abe4f

            SHA256

            94900fabc82b36aba02eabf8676c0317976c8afa467e6c60b648cd322edf039f

            SHA512

            9754ce9a29f8186f8b59462a53a18a432a0a8cc56195af2576c92de30e6ddd65116b008fb42c3fc5642032c7c6a306ead4d592476df309f88050fa589354ad5d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            c10da1189ec8f796dddab9e292e98736

            SHA1

            1db16edd95ca336590ea87dfc6d552809750c587

            SHA256

            6b5ec9bd1ceb2b49a92158ee985e53aad627e347b1a62492c1bb174a173516d4

            SHA512

            f683ed141b567d88f5cd10140be4fd05285e9ff487b5fc89d7f3370a29a42231ddece1e9a4714746471a865d223e3c40b8da1e9af3b2c1e618fa5bcdd32da7ed

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\CabE024.tmp
            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\TarE0F2.tmp
            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

            Download Submit

          • memory/1116-13-0x0000000000570000-0x0000000000572000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2148-11-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-6-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-44-0x00000000004D0000-0x00000000004D2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2148-61-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-60-0x0000000000400000-0x000000000044A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/2148-40-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-38-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-37-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-36-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-35-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-34-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-9-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-26-0x00000000004E0000-0x00000000004E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2148-41-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-8-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-0-0x0000000000400000-0x000000000044A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/2148-32-0x00000000004D0000-0x00000000004D2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2148-33-0x00000000004D0000-0x00000000004D2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2148-12-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-10-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-7-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-22-0x00000000004D0000-0x00000000004D2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2148-4-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-5-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download

          • memory/2148-23-0x00000000004E0000-0x00000000004E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2148-2-0x0000000001F80000-0x000000000303A000-memory.dmp

            Filesize

            16.7MB

            Download