Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
07-12-2023 18:23
General
-
Target
b41aa54fd3e8370d0d1b2d0012365d76390331ee15e327949b4f924fe6791577.exe
-
Size
15KB
-
MD5
b88c5256cae24cd32719acf6cb037176
-
SHA1
6527b5bcb5d2968df8bae481ed10d1c7bf4989de
-
SHA256
b41aa54fd3e8370d0d1b2d0012365d76390331ee15e327949b4f924fe6791577
-
SHA512
180323d0cb9a584bd57e92659c5af24b2fd1aaaf9c3172c99a1fffcee0ede05fc3e2ace2ea4927847ebcb69257d626cd303c6839b39bd4d1305ddee044e1c32c
-
SSDEEP
384:NTne2DpbPjFCKoyftfJtLgwrPja403fCMGX0Q7md+:npbBCaftf3gwrW4+fzWV7md
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/download_exec
C2
http://192.168.108.132:80/Queue/insurance/FIOP2E2XV269
Attributes
- headers Accept: application/json, application/xhtml+xml, application/xml Accept-Language: ro-md Accept-Encoding: compress, br User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Processes
-
C:\Users\Admin\AppData\Local\Temp\b41aa54fd3e8370d0d1b2d0012365d76390331ee15e327949b4f924fe6791577.exe"C:\Users\Admin\AppData\Local\Temp\b41aa54fd3e8370d0d1b2d0012365d76390331ee15e327949b4f924fe6791577.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB