Analysis

  • max time kernel
    39s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    30-06-2022 23:32

General

  • Target

    3fa98e5083ee3e162e70b81eabf2275a50a2e27cb11a7b14f18be951a8be3c12.exe

  • Size

    98KB

  • MD5

    9c7f5c15b94e9e1ad1301ffe3e69424f

  • SHA1

    b53adf7466534f9c0ec06f3ee9cf16f629b665ca

  • SHA256

    3fa98e5083ee3e162e70b81eabf2275a50a2e27cb11a7b14f18be951a8be3c12

  • SHA512

    456ae297445a7b0c92a3f2fd913c335e1d4085d9e54259ac1f27db18994669d6202cbb02fa2944bd58dd0e623a317c8a70801d7f2e3c82d4feb509a15025206a

Malware Config

Extracted

  • Family
    metasploit
  • Version
    encoder/call4_dword_xor
    (The "Version" field holds the Metasploit encoder the extractor recognised in the payload, x86/call4_dword_xor, not a framework release number.)

Signatures

  • MetaSploit
    Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.
  • Suspicious use of SetThreadContext (1 IoC)
  • Suspicious use of WriteProcessMemory (10 IoCs)
    Both calls are made by the parent process (PID 1952) against a second instance of the same executable that it spawns (PID 1680). Writing into a freshly created child and then rewriting one of its thread contexts is the process-hollowing / thread-context-hijack pattern; the 144KB region dumped from PID 1680 at 0x29A00000 is consistent with being the destination of those writes.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fa98e5083ee3e162e70b81eabf2275a50a2e27cb11a7b14f18be951a8be3c12.exe (PID 1952, tree level 1)
    "C:\Users\Admin\AppData\Local\Temp\3fa98e5083ee3e162e70b81eabf2275a50a2e27cb11a7b14f18be951a8be3c12.exe"
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\3fa98e5083ee3e162e70b81eabf2275a50a2e27cb11a7b14f18be951a8be3c12.exe (PID 1680, tree level 2, child of PID 1952)
      "C:\Users\Admin\AppData\Local\Temp\3fa98e5083ee3e162e70b81eabf2275a50a2e27cb11a7b14f18be951a8be3c12.exe"
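Added example (not code from the report, the sandbox, or Metasploit): a small correlator that turns API-trace events of the kind behind the two signatures above into one injection finding. The trace lines are constructed to mirror this report's process tree (PID 1952 spawning a second copy of the same image as PID 1680, ten WriteProcessMemory calls, one SetThreadContext call); the creation flags, thread id, write sizes and the new Eip are assumptions, since the report does not show them. The Eip value reuses the address of the mapping dump listed under Downloads.

```python
# Added example: correlate sandbox API-trace events into a process-injection
# finding. Not code from the report, the sandbox, or Metasploit. The trace
# below is constructed to mirror the report's process tree and signatures;
# argument values (creation flags, tid, write sizes, Eip) are assumptions.
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # Windows dwCreationFlags bit

IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
         r"\3fa98e5083ee3e162e70b81eabf2275a50a2e27cb11a7b14f18be951a8be3c12.exe")

# Constructed trace, one event per line: "<pid> <api>(<k=v>, ...) -> <ret>"
TRACE = (
    [f'1952 CreateProcessW(lpApplicationName="{IMAGE}", dwCreationFlags=0x4) -> pid=1680 tid=1684',
     "1952 VirtualAllocEx(hProcess=1680, lpAddress=0x29A00000, dwSize=0x24000, flProtect=0x40) -> 0x29A00000"]
    + [f"1952 WriteProcessMemory(hProcess=1680, lpBaseAddress={0x29A00000 + i * 0x3000:#x}, nSize=0x3000) -> 1"
       for i in range(10)]
    + ["1952 SetThreadContext(hThread=1684, Eip=0x29A073F0) -> 1",
       "1952 ResumeThread(hThread=1684) -> 0"]
)

EVENT_RE = re.compile(r"^(?P<pid>\d+) (?P<api>\w+)\((?P<args>.*)\) -> (?P<ret>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|[^,\s]+)')


def parse_value(raw):
    """Quoted values are strings; everything else is an integer (0x... or decimal)."""
    return raw[1:-1] if raw.startswith('"') else int(raw, 0)


def parse_event(line):
    """Split one trace line into (caller pid, api name, args dict, return value)."""
    m = EVENT_RE.match(line)
    if not m:
        raise ValueError(f"unparseable trace line: {line!r}")
    args = {k: parse_value(v) for k, v in KV_RE.findall(m["args"])}
    ret = m["ret"]
    ret = {k: parse_value(v) for k, v in KV_RE.findall(ret)} if "=" in ret else parse_value(ret)
    return int(m["pid"]), m["api"], args, ret


def detect_injection(lines):
    """Flag a process that creates a child, writes into it, then redirects one of its threads."""
    spawned = {}                  # child pid -> (creator pid, image, creation flags)
    thread_owner = {}             # tid -> pid that owns the thread
    writes = defaultdict(list)    # (writer pid, target pid) -> [(base, size)]
    resumed = set()               # tids passed to ResumeThread
    ctx_sets = []                 # (caller pid, tid, new Eip)

    for pid, api, args, ret in map(parse_event, lines):
        if api.startswith("CreateProcess"):
            spawned[ret["pid"]] = (pid, args.get("lpApplicationName"), args.get("dwCreationFlags", 0))
            thread_owner[ret["tid"]] = ret["pid"]
        elif api == "WriteProcessMemory" and ret == 1:
            writes[(pid, args["hProcess"])].append((args["lpBaseAddress"], args["nSize"]))
        elif api == "SetThreadContext" and ret == 1:
            ctx_sets.append((pid, args["hThread"], args.get("Eip")))
        elif api == "ResumeThread":
            resumed.add(args["hThread"])

    findings = []
    for caller, tid, eip in ctx_sets:
        target = thread_owner.get(tid)
        if target is None or target == caller:
            continue                  # unknown thread, or a process adjusting its own thread
        ranges = writes.get((caller, target), [])
        if not ranges:
            continue                  # context change without prior writes: not this pattern
        creator, image, flags = spawned.get(target, (None, None, 0))
        findings.append({
            "injector": caller,
            "target": target,
            "target_image": image,
            "created_by_injector": creator == caller,
            "created_suspended": bool(flags & CREATE_SUSPENDED),
            "writes": len(ranges),
            "bytes_written": sum(size for _, size in ranges),
            # strongest signal: the new instruction pointer lands in memory the caller wrote
            "eip_in_written_region": eip is not None and any(b <= eip < b + s for b, s in ranges),
            "thread_resumed": tid in resumed,
        })
    return findings


if __name__ == "__main__":
    for finding in detect_injection(TRACE):
        print(finding)
```

The rule deliberately keys on the write-then-SetThreadContext sequence between two distinct processes rather than on either API alone; both calls have legitimate uses (debuggers, some installers), and it is the combination with a child the caller created, especially with the new Eip inside a region the caller wrote, that makes the finding actionable.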


Downloads

Memory dumps (name, reported size):

  • memory/1680-55-0x0000000029A00000-0x0000000029A24000-memory.dmp (144KB)
  • memory/1680-56-0x0000000029A00000-0x0000000029A24000-memory.dmp (144KB)
  • memory/1680-58-0x0000000029A00000-0x0000000029A24000-memory.dmp (144KB)
  • memory/1680-61-0x0000000029A00000-0x0000000029A24000-memory.dmp (144KB)
  • memory/1680-64-0x0000000029A00000-0x0000000029A24000-memory.dmp (144KB)
  • memory/1680-67-0x0000000029A00000-0x0000000029A24000-memory.dmp (144KB)
  • memory/1680-69-0x0000000029A073F0-mapping.dmp
  • memory/1952-54-0x00000000765C1000-0x00000000765C3000-memory.dmp (8KB)

The six 144KB dumps are successive snapshots (sequence numbers 55 to 67) of a single region in PID 1680, 0x29A00000 to 0x29A24000 (0x24000 bytes); the mapping dump's address 0x29A073F0 lies 0x73F0 bytes into that region. The 8KB dump from the parent, PID 1952, covers 0x765C1000 to 0x765C3000.
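Added example (not code from the report or the sandbox): a parser for the dump names listed above that checks each reported size against the address range encoded in the name, groups repeated snapshots of the same region, and locates the mapping dump's address inside a dumped region of the same process. The names and sizes are copied from this report; the 1KB = 1024 bytes convention and the checks are assumptions of this example.

```python
# Added example: parse the memory-dump names under Downloads and check them
# for internal consistency. Not code from the report or the sandbox; names
# and sizes are copied from the report, the checks (and 1KB = 1024 bytes)
# are this example's own assumptions.
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"(?:-0x(?P<end>[0-9A-Fa-f]+)-memory|-mapping)\.dmp$"
)

# (name, reported size) exactly as listed in the report; mapping dumps carry no size.
REPORT_DUMPS = [
    ("memory/1680-55-0x0000000029A00000-0x0000000029A24000-memory.dmp", "144KB"),
    ("memory/1680-56-0x0000000029A00000-0x0000000029A24000-memory.dmp", "144KB"),
    ("memory/1680-58-0x0000000029A00000-0x0000000029A24000-memory.dmp", "144KB"),
    ("memory/1680-61-0x0000000029A00000-0x0000000029A24000-memory.dmp", "144KB"),
    ("memory/1680-64-0x0000000029A00000-0x0000000029A24000-memory.dmp", "144KB"),
    ("memory/1680-67-0x0000000029A00000-0x0000000029A24000-memory.dmp", "144KB"),
    ("memory/1680-69-0x0000000029A073F0-mapping.dmp", None),
    ("memory/1952-54-0x00000000765C1000-0x00000000765C3000-memory.dmp", "8KB"),
]

UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_size(text):
    """'144KB' -> 147456 (assumes binary kilobytes)."""
    m = re.fullmatch(r"(\d+)(B|KB|MB)", text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]


def parse_dump(name):
    """Split a dump name into pid, sequence number, address range and kind."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name!r}")
    start = int(m["start"], 16)
    end = int(m["end"], 16) if m["end"] else None
    return {"pid": int(m["pid"]), "seq": int(m["seq"]), "start": start, "end": end,
            "kind": "region" if end is not None else "mapping"}


def summarize(entries):
    """Group region dumps, verify sizes, and place mapping addresses inside regions."""
    regions = defaultdict(list)   # (pid, start, end) -> [seq, ...]
    size_ok = {}
    mappings = []
    for name, reported in entries:
        d = parse_dump(name)
        if d["kind"] == "region":
            key = (d["pid"], d["start"], d["end"])
            regions[key].append(d["seq"])
            if reported is not None:
                size_ok[key] = (d["end"] - d["start"]) == parse_size(reported)
        else:
            mappings.append(d)

    out_regions = [
        {"pid": p, "start": s, "end": e, "size": e - s,
         "snapshots": sorted(seqs), "size_matches": size_ok.get((p, s, e))}
        for (p, s, e), seqs in regions.items()
    ]
    out_mappings = []
    for d in mappings:
        # a mapping address is only meaningful if it falls inside a dumped region of that pid
        host = next((r for r in out_regions
                     if r["pid"] == d["pid"] and r["start"] <= d["start"] < r["end"]), None)
        out_mappings.append({"pid": d["pid"], "address": d["start"],
                             "inside_region": host is not None,
                             "offset": d["start"] - host["start"] if host else None})
    return {"regions": out_regions, "mappings": out_mappings}


if __name__ == "__main__":
    result = summarize(REPORT_DUMPS)
    for r in result["regions"]:
        print(f"pid {r['pid']}: {r['start']:#x}-{r['end']:#x} ({r['size']} bytes, "
              f"{len(r['snapshots'])} snapshots, size_matches={r['size_matches']})")
    for m in result["mappings"]:
        print(f"pid {m['pid']}: mapping {m['address']:#x} inside_region={m['inside_region']} offset={m['offset']}")
```

A mismatch between the reported size and the range in the name, or a mapping address outside every dumped region of its process, would mean the listing was copied or truncated incorrectly and the dumps should be re-fetched before any further analysis of the region's contents.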