Analysis
-
max time kernel
117s -
max time network
111s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
29-08-2022 05:44
Behavioral task
behavioral1
Sample
0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf.exe
Resource
win10v2004-20220812-en
General
-
Target
0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf.exe
-
Size
5.1MB
-
MD5
cd672c7ba4c52f344deb51e93d629640
-
SHA1
6e599f3fa6293f6933f6007c2b03912514cf75cd
-
SHA256
0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf
-
SHA512
6606d1a2578a2e5585e4951cf5c7efa1e400a040ced6d72cc917454d56625e7f218274ec4c0e2496cd141b205f7103573a057d882a4dd62878a251bf3392316a
-
SSDEEP
98304:OpZJ27oEqTbDTzuSP+VWuONh9uhqeLJRo8OiqPP0u3FuPNM2UzlzU9V2MwZX8CMS:y27oEqrTwVWuwEhNEZpX0u30PpUzlzwa
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/shell_reverse_tcp
192.168.9.142:4444
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Processes:
resource yara_rule behavioral1/memory/1656-55-0x0000000000400000-0x0000000000C89000-memory.dmp vmprotect behavioral1/memory/1656-57-0x0000000000400000-0x0000000000C89000-memory.dmp vmprotect -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf.exepid process 1656 0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf.exe 1656 0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf.exe