Analysis
-
max time kernel
117s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
19-09-2022 08:13
Behavioral task
behavioral1
Sample
3353325c1e7793113e703dde8eb59fd95a6b3bd8b9412fd861f1415af4b3ffa0.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3353325c1e7793113e703dde8eb59fd95a6b3bd8b9412fd861f1415af4b3ffa0.exe
Resource
win10v2004-20220812-en
General
-
Target
3353325c1e7793113e703dde8eb59fd95a6b3bd8b9412fd861f1415af4b3ffa0.exe
-
Size
416KB
-
MD5
1c899730d4b08554daf3c2e0a75a7f3a
-
SHA1
3bfb20580f1c6d61b12688a8df5943f315fc18dd
-
SHA256
3353325c1e7793113e703dde8eb59fd95a6b3bd8b9412fd861f1415af4b3ffa0
-
SHA512
2cac01881456c9e78d3e76cabb4b18fc108a8a5a6c884692bc34c4c2806c31cfd3bcd65c7cf5e178e0ac65f40bf6f88c41ec50e0a8bff3fde7aa092273277e85
-
SSDEEP
12288:pbWm23htV4dEvM7IF7MwvFg5exc9X2qijc3rdtT:pbWm2336EvYGtg5ALqb
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/shell_reverse_tcp
79.138.104.162:443
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Processes:
resource yara_rule behavioral1/memory/900-55-0x00000000000C0000-0x00000000002C8000-memory.dmp upx