Analysis
max time kernel: 127s
max time network: 130s
platform: windows7_x64
resource: win7v20201028
submitted: 11-11-2020 10:53
Static task
static1
Behavioral task
behavioral1
Sample
5c3e7afb933472823ff76245e3a6f1e94827da16c65f4c1f60b2574559bb7823.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
5c3e7afb933472823ff76245e3a6f1e94827da16c65f4c1f60b2574559bb7823.exe
Resource
win10v20201028
General
Target: 5c3e7afb933472823ff76245e3a6f1e94827da16c65f4c1f60b2574559bb7823.exe
Size: 3.3MB
MD5: 24d138c8c647374dc46ebcf35144c887
SHA1: 8f3aba2d700df244557e624279093d03d35a7cc8
SHA256: 5c3e7afb933472823ff76245e3a6f1e94827da16c65f4c1f60b2574559bb7823
SHA512: 751ee9dd1f18517bc0c2667757b993f9ee8537a0673106c7f7a5e40d34719432d0a064a05674592cdab932fa83bfb33ca1e814f4597e5ca21153df1fcdf9ff2f
Malware Config
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Processes:
resource    yara_rule
behavioral1/memory/1756-0-0x0000000000400000-0x0000000000A18000-memory.dmp    vmprotect
behavioral1/memory/1756-1-0x0000000000400000-0x0000000000A18000-memory.dmp    vmprotect
behavioral1/memory/1756-2-0x0000000000400000-0x0000000000A18000-memory.dmp    vmprotect
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/664-3-0x000007FEF7EB0000-0x000007FEF812A000-memory.dmp    Filesize: 2.5MB
memory/1756-0-0x0000000000400000-0x0000000000A18000-memory.dmp    Filesize: 6.1MB
memory/1756-1-0x0000000000400000-0x0000000000A18000-memory.dmp    Filesize: 6.1MB
memory/1756-2-0x0000000000400000-0x0000000000A18000-memory.dmp    Filesize: 6.1MB