Analysis

Max time kernel: 90s
Max time network: 156s
Platform: windows10-2004_x64
Resource: win10v2004-20220414-en
Submitted: 08-07-2022 18:00

Static task: static1

Behavioral task: behavioral1
Sample: d2830c494cbcc609d0a43beaeceb6140dfd5c49f9b6b4059ad2e6c1d1d48545c.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: d2830c494cbcc609d0a43beaeceb6140dfd5c49f9b6b4059ad2e6c1d1d48545c.exe
Resource: win10v2004-20220414-en
General

Target: d2830c494cbcc609d0a43beaeceb6140dfd5c49f9b6b4059ad2e6c1d1d48545c.exe
Size: 8KB
MD5: d4f133f02ca02739e373cbc8f0826691
SHA1: ea30e89f0c838858675aa1e5015f8c580ff9c713
SHA256: d2830c494cbcc609d0a43beaeceb6140dfd5c49f9b6b4059ad2e6c1d1d48545c
SHA512: 5ce434adffde5b3745f8fa97a9d10933672fe2949c1a039fdc253b8e1c09559e3cb40c0996395c414d5f708002044a05472c71eeb8618d832e80231439f6c870
Malware Config

Extracted (metasploit): windows/download_exec
URL: http://193.37.215.110:801/iALf
Headers: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0)
Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Processes:
resource | yara_rule
behavioral2/memory/2120-130-0x0000000000400000-0x000000000040D000-memory.dmp | upx
behavioral2/memory/2120-131-0x0000000000400000-0x000000000040D000-memory.dmp | upx