Analysis
- max time kernel: 90s
- max time network: 162s
- platform: windows10-2004_x64
- resource: win10v2004-20230221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-03-2023 12:02
- Static task: static1
- Behavioral task behavioral1: sample 12493ec6b59188a080961436130f4cba.exe, resource win7-20230220-en
- Behavioral task behavioral2: sample 12493ec6b59188a080961436130f4cba.exe, resource win10v2004-20230221-en
- Behavioral task behavioral3: sample 9e7d06f01a6535531b6e098f6dd3eb47.exe, resource win7-20230220-en
- Behavioral task behavioral4: sample 9e7d06f01a6535531b6e098f6dd3eb47.exe, resource win10v2004-20230220-en
- Behavioral task behavioral5: sample c5b25a24f7112f1ee9300986004c45d9.com.exe, resource win7-20230220-en
- Behavioral task behavioral6: sample c5b25a24f7112f1ee9300986004c45d9.com.exe, resource win10v2004-20230221-en
- Behavioral task behavioral7: sample ce8bface0c9e56ab96d4bc06b76083aa.exe, resource win7-20230220-en
- Behavioral task behavioral8: sample ce8bface0c9e56ab96d4bc06b76083aa.exe, resource win10v2004-20230220-en
General
- Target: 12493ec6b59188a080961436130f4cba.exe
- Size: 250KB
- MD5: 12493ec6b59188a080961436130f4cba
- SHA1: 019c2e8f059291c9f9dc2958f8e1815b36e5e0ea
- SHA256: 9bfc115e306fd5de28d6392cb4303a9ee41890d6bb27da00d41e7b335eb0b72e
- SHA512: 0a270a9b7b3ee2004e6b3560e121047d93b3a8522b25591e2364abce65c4ef7afbdf8a9754220c04af63bafc2d4099ecb1e5f6293c27918b1944d06285316cfd
- SSDEEP: 3072:ac+uy5u8vGRlIqw+Xs8GBccgOrc57aOJqq5DYejipqi1fffffffffffffffffffh:ahXxv8le+rAF6st1fv
Malware Config
Extracted: metasploit, windows/download_exec, http://183.60.219.35:80/vue.min.js
- headers: User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0); Host: 360update.360.cn
Signatures
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/2876-133-0x00000000021D0000-0x00000000021D1000-memory.dmp (filesize 4KB)