General
Target: 13cdb8e810332bcaa0067d3c234e34e11979208ccebb1f8cffb9d9faefd33071
Size: 84KB
Sample: 220603-fj7j2aggf8
MD5: d29a4f42b14963a79065bd7055799eb4
SHA1: 8d95394fba3164440e1627f02a0963167e154521
SHA256: 13cdb8e810332bcaa0067d3c234e34e11979208ccebb1f8cffb9d9faefd33071
SHA512: 6cfc6a7db13c2224804c5ca32abdf541726859e36b873adfb22adff9506920bd42916ed52340dc9dd26d0cae4d9d2cf721eb9b7121d97e1ec38b226b4923d003
Static task: static1
Behavioral task: behavioral1
  Sample: 13cdb8e810332bcaa0067d3c234e34e11979208ccebb1f8cffb9d9faefd33071.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 13cdb8e810332bcaa0067d3c234e34e11979208ccebb1f8cffb9d9faefd33071.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: metasploit (encoder/call4_dword_xor)
Targets
Target: 13cdb8e810332bcaa0067d3c234e34e11979208ccebb1f8cffb9d9faefd33071
Score: 10/10
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Adds policy Run key to start application
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext