Analysis
-
max time kernel
42s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220715-en -
resource tags
-
submitted
01-08-2022 12:19
General
-
Target
ConsoleApplication1.exe
-
Size
217KB
-
MD5
025dbff7c94ef9e64423d54b6d05dbce
-
SHA1
e07830227a0dcb6b0c7a13296b998df7e52f4223
-
SHA256
cde0bfdfaa2a53c3a39c4f4776b5167cf7273315be468cf22294780a3a568831
-
SHA512
bff01dd6e3a8f08c6b9b72f766867dbda87a36612cdeca963fd9063a02c680d65b3c84ebd0a54edebc1bd01b6452b686ce27eedcc647f84e881bcb5ca84d8dd4
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/download_exec
C2
http://service-2ct860nd-1312989509.sh.apigw.tencentcs.com:443/vue.min.js
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ConsoleApplication1.exe"C:\Users\Admin\AppData\Local\Temp\ConsoleApplication1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exe"C:\Windows\System32\svchost.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1916-54-0x0000000000000000-mapping.dmp