Analysis
-
max time kernel
202s -
max time network
207s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
08-07-2022 16:43
General
-
Target
6c29bc08b1c4fe8692e8f830ff8c4df61d8cecec91890317dff93fb48c08792b.exe
-
Size
82KB
-
MD5
f7c54c6e608ac30220ef843fe4fcf67f
-
SHA1
6cd64f73a6c4cb32c2c7fe11ade0c8498759a7da
-
SHA256
6c29bc08b1c4fe8692e8f830ff8c4df61d8cecec91890317dff93fb48c08792b
-
SHA512
775b321edef3fa709b713c285b2b97635b9c538f799c4e33c6e99d96821f23d2427c1dbff84a5ba3a73868f67ad7dd4e8a6e1529c3e34b05cf2d0f7a4eee39a3
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
encoder/shikata_ga_nai
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Program crash 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6c29bc08b1c4fe8692e8f830ff8c4df61d8cecec91890317dff93fb48c08792b.exe"C:\Users\Admin\AppData\Local\Temp\6c29bc08b1c4fe8692e8f830ff8c4df61d8cecec91890317dff93fb48c08792b.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 2642⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 2842⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3532 -ip 35321⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3532 -ip 35321⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3532-130-0x0000000001000000-0x0000000001017D00-memory.dmpFilesize
95KB