Analysis
-
max time kernel
152s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
30-06-2022 18:04
General
-
Target
28435fa2051fa4bf5425d52b5c1b16781e4b2553be726b152796eaf9d1d49581.exe
-
Size
2.9MB
-
MD5
6056cb47164323c9bacfea777afffe0f
-
SHA1
678e3415cad90165942024bb1a00a886685f1b83
-
SHA256
28435fa2051fa4bf5425d52b5c1b16781e4b2553be726b152796eaf9d1d49581
-
SHA512
5616f5cc04221b676cdb21ae2c3283fbb64f8435c5ab18ba9f310f916675c5ba0b919fa03e2bba79da346cea6a0ece0b385866916a77ee941152becac8c842d8
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/shell_reverse_tcp
C2
192.168.10.3:5555
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Program crash 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\28435fa2051fa4bf5425d52b5c1b16781e4b2553be726b152796eaf9d1d49581.exe"C:\Users\Admin\AppData\Local\Temp\28435fa2051fa4bf5425d52b5c1b16781e4b2553be726b152796eaf9d1d49581.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 3842⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 3842⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 4332 -ip 43321⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2304-131-0x0000000000000000-mapping.dmp
-
memory/4332-130-0x0000000000400000-0x000000000048C000-memory.dmpFilesize
560KB
-
memory/4332-132-0x0000000000400000-0x000000000048C000-memory.dmpFilesize
560KB