Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
27-01-2022 21:32
General
-
Target
1fd74e431f84ab00ad62620141b53491c450b3d6c71dc0fe8ff0dbc47ea304a3.exe
-
Size
857KB
-
MD5
10e2d3cb3e7b746b352f280e0ac1d2d4
-
SHA1
855c4ba7467dfc75a38013fb7fed7da287fe5170
-
SHA256
1fd74e431f84ab00ad62620141b53491c450b3d6c71dc0fe8ff0dbc47ea304a3
-
SHA512
e65f82790a51e009d5dc809d5e2e4d112eb257aa2de2dea5e073f38fb9113adbec48f716618fe01f676295a4cdcea1d8fe0bd17f3a9339e6c2039fe953f891d1
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
encoder/call4_dword_xor
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1fd74e431f84ab00ad62620141b53491c450b3d6c71dc0fe8ff0dbc47ea304a3.exe"C:\Users\Admin\AppData\Local\Temp\1fd74e431f84ab00ad62620141b53491c450b3d6c71dc0fe8ff0dbc47ea304a3.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1fd74e431f84ab00ad62620141b53491c450b3d6c71dc0fe8ff0dbc47ea304a3.exe"C:\Users\Admin\AppData\Local\Temp\1fd74e431f84ab00ad62620141b53491c450b3d6c71dc0fe8ff0dbc47ea304a3.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1796-62-0x0000000029A00000-0x0000000029A1E000-memory.dmpFilesize
120KB
-
memory/1796-63-0x0000000029A00000-0x0000000029A1E000-memory.dmpFilesize
120KB
-
memory/1796-60-0x0000000029A00000-0x0000000029A1E000-memory.dmpFilesize
120KB
-
memory/1796-58-0x0000000029A00000-0x0000000029A1E000-memory.dmpFilesize
120KB
-
memory/1796-57-0x0000000029A00000-0x0000000029A1E000-memory.dmpFilesize
120KB
-
memory/1796-56-0x0000000029A00000-0x0000000029A1E000-memory.dmpFilesize
120KB
-
memory/1932-55-0x0000000076511000-0x0000000076513000-memory.dmpFilesize
8KB