Analysis
- max time kernel: 135s
- max time network: 141s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 11-11-2020 10:52

Static task: static1

Behavioral task: behavioral1
  Sample: 2d224f2928987e47e0144b42dcb5a4aae97ffacb23783856d122cc7598da5763.exe
  Resource: win7v20201028

Behavioral task: behavioral2
  Sample: 2d224f2928987e47e0144b42dcb5a4aae97ffacb23783856d122cc7598da5763.exe
  Resource: win10v20201028
General
- Target: 2d224f2928987e47e0144b42dcb5a4aae97ffacb23783856d122cc7598da5763.exe
- Size: 3.4MB
- MD5: ce63c6b94bda4ac95581362937773b37
- SHA1: 4e8f215aafa892595f51a107b17f6f7dd0855ee5
- SHA256: 2d224f2928987e47e0144b42dcb5a4aae97ffacb23783856d122cc7598da5763
- SHA512: fbf9dd0d1b039775a82d27f93b4fb19f604806597ec0eecfad749787f5ff102f4608ea930b1ddb0d63efc597a9b1cf117cdd9bbf57e03d73d8d244d9a9df544a
Malware Config
Extracted: metasploit
  - windows/download_exec
  - http://47.91.237.42:8443/blIF
Signatures
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Processes (yara rule matches):
  resource | yara_rule
  behavioral1/memory/788-0-0x0000000000F50000-0x0000000001574000-memory.dmp | vmprotect
  behavioral1/memory/788-1-0x0000000000F50000-0x0000000001574000-memory.dmp | vmprotect
  behavioral1/memory/788-2-0x0000000000F50000-0x0000000001574000-memory.dmp | vmprotect
Downloads
- memory/788-0-0x0000000000F50000-0x0000000001574000-memory.dmp (Filesize: 6.1MB)
- memory/788-1-0x0000000000F50000-0x0000000001574000-memory.dmp (Filesize: 6.1MB)
- memory/788-2-0x0000000000F50000-0x0000000001574000-memory.dmp (Filesize: 6.1MB)
- memory/844-3-0x000007FEF6980000-0x000007FEF6BFA000-memory.dmp (Filesize: 2.5MB)