Analysis
max time kernel: 88s
max time network: 131s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-07-2022 20:27
Behavioral task: behavioral1
Sample: 7e62df2b565cc1c15eb4cad946effb8e981211383a459ddc7147d46a68c9f05a.exe
Resource: win7-20220718-en

Behavioral task: behavioral2
Sample: 7e62df2b565cc1c15eb4cad946effb8e981211383a459ddc7147d46a68c9f05a.exe
Resource: win10v2004-20220721-en
General
Target: 7e62df2b565cc1c15eb4cad946effb8e981211383a459ddc7147d46a68c9f05a.exe
Size: 63KB
MD5: 5e60a735afb32c3b19b186170964ffb9
SHA1: 85e5c44b173b26791e0d5304f2028111250cb092
SHA256: 7e62df2b565cc1c15eb4cad946effb8e981211383a459ddc7147d46a68c9f05a
SHA512: 10b3a05a5fdcb93b80aaf832f315661576e7698b354997dc8f050295c1de8b021cef986cc3bdae8cf65125bca3db9882daeba211e6ff52d10fecfbd17cf92a67
Malware Config
Extracted: metasploit, encoder/call4_dword_xor
Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

resource | yara_rule
behavioral2/memory/3364-130-0x0000000000400000-0x0000000000492000-memory.dmp | upx
behavioral2/memory/3364-131-0x0000000000400000-0x0000000000492000-memory.dmp | upx

Drops file in System32 directory (2 IoCs)
Processes:
description | ioc | process
File created | C:\Windows\SysWOW64\csrsc.exe | 7e62df2b565cc1c15eb4cad946effb8e981211383a459ddc7147d46a68c9f05a.exe
File opened for modification | C:\Windows\SysWOW64\csrsc.exe | 7e62df2b565cc1c15eb4cad946effb8e981211383a459ddc7147d46a68c9f05a.exe