Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220414-en
General
-
Target
tmp
-
Size
7KB
-
MD5
64ffccc75e82eb7abb8a53f6a431f7a2
-
SHA1
56bc4aa2b58ba8538102da10a2206326aaa5f72d
-
SHA256
be18535af226a702c71031342038b0f22f09cf251f66b6b4ae5de08206053007
-
SHA512
f594fd7fcfbc79717c659b43812483dc5a3ca6a6da31140bed35e91e396bdbc43ea64da074fcfb1e309c10be9af1df7e3f087d13e6dfbc4ba908bfe6aeaa86fe
-
SSDEEP
24:eFGStrJ9u0/6xg3nZdEBQAV6K0G8m0dgciOW0+y6o0P+hE64vRpmB:is0ciEBQo0GN0dRtW0JR0FeB
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
metasploit_stager
49.232.213.51:4445
Signatures
-
Metasploit family
Files
-
tmp.exe windows x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qxga Size: 1024B - Virtual size: 712B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE