Analysis
max time kernel: 32s
max time network: 152s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 24-12-2022 06:46
Static task: static1
Behavioral task: behavioral1 (Sample: smss.dll, Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: smss.dll, Resource: win10v2004-20221111-en)
General
Target: smss.dll
Size: 470KB
MD5: 67ad0d987d0847de43a3f4083e8b4dc0
SHA1: db2a488ba826af425f3eff0de6b33fba4ec56669
SHA256: cb458362e56ace4b3f2859a2e340fa5afefcff4e46acff0ba5968a1d4c9e439e
SHA512: c141b6de5f84557e9395d21217eba23f3c650c2ac63ae2d73e426244381276f65011abdd9bd47c796bfb69e4f1daa9d6b9d60f38ecd12fcef9dce796f95ee457
SSDEEP: 3072:wMyoPVCZYukejYCzAAwsg5hf7bKF+Gwwwwwwwwwwww:ryWQauklCzApsYf7s+
Malware Config
Extracted: metasploit (encoder/shikata_ga_nai)
Signatures
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Suspicious use of WriteProcessMemory (7 IoCs)
description                       pid   Process       procid_target
PID 2028 wrote to memory of 1716  2028  regsvr32.exe  28
PID 2028 wrote to memory of 1716  2028  regsvr32.exe  28
PID 2028 wrote to memory of 1716  2028  regsvr32.exe  28
PID 2028 wrote to memory of 1716  2028  regsvr32.exe  28
PID 2028 wrote to memory of 1716  2028  regsvr32.exe  28
PID 2028 wrote to memory of 1716  2028  regsvr32.exe  28
PID 2028 wrote to memory of 1716  2028  regsvr32.exe  28