Analysis
- max time kernel: 141s
- max time network: 160s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 26-05-2022 10:47
Static task: static1

Behavioral task: behavioral1
- Sample: tmp.exe
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: tmp.exe
- Resource: win10v2004-20220414-en (windows10-2004_x64)
- 0 signatures, 0 seconds
General
- Target: tmp.exe
- Size: 72KB
- MD5: 04cf8f97769f71408280158795d8e309
- SHA1: 2c26c24ab7b02267ef6bd7aa71cbbccfd07ddbff
- SHA256: cfd3d68fdcdcb3e629ecee1612d87a3b69dca38e266dbad2f6e71859254f2a73
- SHA512: 3d07e553d00111624e9993414dece4c6fba3428eeaa4dc042ca4dea5b024eb8f201002a812c3bef26aa170ebeed98735a8708dc112f89a96567fa3db29dafd18
- Score: 10/10
Malware Config (Extracted)
- Family: metasploit
- Version: windows/reverse_tcp
- C2: 10.211.55.2:3333
Signatures
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of WriteProcessMemory (5 IoCs)
  Processes (tmp.exe):
  description          | pid  | process | target process PID | target process
  wrote to memory of   | 1192 | tmp.exe | 1408               | svchost.exe
  wrote to memory of   | 1192 | tmp.exe | 1408               | svchost.exe
  wrote to memory of   | 1192 | tmp.exe | 1408               | svchost.exe
  wrote to memory of   | 1192 | tmp.exe | 1408               | svchost.exe
  wrote to memory of   | 1192 | tmp.exe | 1408               | svchost.exe
Downloads
- memory/1408-54-0x0000000000000000-mapping.dmp