Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
07-12-2023 18:23
Static task
static1
Behavioral task
behavioral1
Sample
b41aa54fd3e8370d0d1b2d0012365d76390331ee15e327949b4f924fe6791577.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
b41aa54fd3e8370d0d1b2d0012365d76390331ee15e327949b4f924fe6791577.exe
Resource
win10v2004-20231127-en
General
-
Target
b41aa54fd3e8370d0d1b2d0012365d76390331ee15e327949b4f924fe6791577.exe
-
Size
15KB
-
MD5
b88c5256cae24cd32719acf6cb037176
-
SHA1
6527b5bcb5d2968df8bae481ed10d1c7bf4989de
-
SHA256
b41aa54fd3e8370d0d1b2d0012365d76390331ee15e327949b4f924fe6791577
-
SHA512
180323d0cb9a584bd57e92659c5af24b2fd1aaaf9c3172c99a1fffcee0ede05fc3e2ace2ea4927847ebcb69257d626cd303c6839b39bd4d1305ddee044e1c32c
-
SSDEEP
384:NTne2DpbPjFCKoyftfJtLgwrPja403fCMGX0Q7md+:npbBCaftf3gwrW4+fzWV7md
Malware Config
Extracted
metasploit
windows/download_exec
http://192.168.108.132:80/Queue/insurance/FIOP2E2XV269
- headers Accept: application/json, application/xhtml+xml, application/xml Accept-Language: ro-md Accept-Encoding: compress, br User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.