Analysis
- max time kernel: 127s
- max time network: 136s
- platform: windows10-2004_x64
- resource: win10v2004-20220721-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-08-2022 12:19
Static task: static1
Behavioral task: behavioral1
- Sample: ConsoleApplication1.exe
- Resource: win7-20220715-en
Behavioral task: behavioral2
- Sample: ConsoleApplication1.exe
- Resource: win10v2004-20220721-en
General
- Target: ConsoleApplication1.exe
- Size: 217KB
- MD5: 025dbff7c94ef9e64423d54b6d05dbce
- SHA1: e07830227a0dcb6b0c7a13296b998df7e52f4223
- SHA256: cde0bfdfaa2a53c3a39c4f4776b5167cf7273315be468cf22294780a3a568831
- SHA512: bff01dd6e3a8f08c6b9b72f766867dbda87a36612cdeca963fd9063a02c680d65b3c84ebd0a54edebc1bd01b6452b686ce27eedcc647f84e881bcb5ca84d8dd4
Malware Config
- Extracted: metasploit (windows/download_exec)
- URL: http://service-2ct860nd-1312989509.sh.apigw.tencentcs.com:443/vue.min.js
Signatures
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes (description, PID, process, target PID, target process):
  wrote to memory of: PID 2804 ConsoleApplication1.exe -> PID 4564 svchost.exe (4 identical entries)
Downloads
- memory/4564-130-0x0000000000000000-mapping.dmp