General
-
Target
2df686651393751c666c313c6f9168fcd32fe905bab992fbeb50679da5063c0a
-
Size
667KB
-
Sample
220622-p5w5vsheh5
-
MD5
9e9cefa01b2d4818c0ff998515e488f2
-
SHA1
822451bed5b6057f9a54df417d61b4ae4585537f
-
SHA256
2df686651393751c666c313c6f9168fcd32fe905bab992fbeb50679da5063c0a
-
SHA512
5d0d0f9e317078cad2fe40890dd189e3e5a4cfedb6301d2e68ee14c3da29df6d4f6c16d047219aa435f6111cf2c859970fe6ff45b4cae77410dab294bb5ca7c1
Static task
static1
Behavioral task
behavioral1
Sample
2df686651393751c666c313c6f9168fcd32fe905bab992fbeb50679da5063c0a.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2df686651393751c666c313c6f9168fcd32fe905bab992fbeb50679da5063c0a.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
2df686651393751c666c313c6f9168fcd32fe905bab992fbeb50679da5063c0a
-
Size
667KB
-
MD5
9e9cefa01b2d4818c0ff998515e488f2
-
SHA1
822451bed5b6057f9a54df417d61b4ae4585537f
-
SHA256
2df686651393751c666c313c6f9168fcd32fe905bab992fbeb50679da5063c0a
-
SHA512
5d0d0f9e317078cad2fe40890dd189e3e5a4cfedb6301d2e68ee14c3da29df6d4f6c16d047219aa435f6111cf2c859970fe6ff45b4cae77410dab294bb5ca7c1
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-