Analysis
max time kernel: 131s
max time network: 146s
platform: windows7_x64
resource: win7-20220414-en
submitted: 29-05-2022 15:19
Static task: static1
Behavioral task: behavioral1
Sample: 0e15ff333d7b5774ee2bd5bb57ee586eece975a90b3abbeaab9d66d993350ba5.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 0e15ff333d7b5774ee2bd5bb57ee586eece975a90b3abbeaab9d66d993350ba5.exe
Resource: win10v2004-20220414-en
General
Target: 0e15ff333d7b5774ee2bd5bb57ee586eece975a90b3abbeaab9d66d993350ba5.exe
Size: 1.4MB
MD5: ef6469ad1bd075a5fd74f6c17a4493ad
SHA1: 66380a2bd32d9a59a01d86316f042222e8e20cd1
SHA256: 0e15ff333d7b5774ee2bd5bb57ee586eece975a90b3abbeaab9d66d993350ba5
SHA512: 2be0b514d8f2051ef8fce76dfef097627ef229af97a16860f7867c103c702588a3520f73c7076d9c91c4cd9bd7f156f67b170a7a0080fbd56e7caec994559730
Malware Config
Extracted
metasploit
windows/reverse_http
http://165.22.98.128:1123/ezH91VYeNmDZrdishFkyXgiePef2Gq3ROFn
Signatures
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes:
0e15ff333d7b5774ee2bd5bb57ee586eece975a90b3abbeaab9d66d993350ba5.exe
pid: 1660, process: 0e15ff333d7b5774ee2bd5bb57ee586eece975a90b3abbeaab9d66d993350ba5.exe