General
Target: 11023b819f2ab50a2f84f8733af770df40105f1438d8766da2c1c3cb6f949faa
Size: 58KB
Sample: 220604-mh7lzafffm
MD5: 9329985551d50c0a858d50668f714774
SHA1: b0346c80e1343c9060ad52360fe57ada0860ea9f
SHA256: 11023b819f2ab50a2f84f8733af770df40105f1438d8766da2c1c3cb6f949faa
SHA512: 30d06dd4badbe5c44829a8b64e772637d852e2d933781f6bf06705186d3e430b994e674746969b36b18e8fcba3bfed8705c3f7ce7cfff61219a0f169a068bf31
Static task: static1
Behavioral task: behavioral1
Sample: 11023b819f2ab50a2f84f8733af770df40105f1438d8766da2c1c3cb6f949faa.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 11023b819f2ab50a2f84f8733af770df40105f1438d8766da2c1c3cb6f949faa.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
Target: 11023b819f2ab50a2f84f8733af770df40105f1438d8766da2c1c3cb6f949faa
Score: 10/10
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Modifies firewall policy service
Executes dropped EXE
Modifies Windows Firewall
Adds Run key to start application