Analysis
max time kernel
121s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted
31/12/2023, 11:56
Behavioral task
behavioral1
Sample
353ff2e9ea0bd7c4aef52a6e97203eca.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
353ff2e9ea0bd7c4aef52a6e97203eca.exe
Resource
win10v2004-20231215-en
General
Target
353ff2e9ea0bd7c4aef52a6e97203eca.exe
Size
4.8MB
MD5
353ff2e9ea0bd7c4aef52a6e97203eca
SHA1
9c3643b0c9a307344f315c26b9e4c55b81884587
SHA256
f914d5adb55e8a535e48e6d02b987c05b3b9471ec0cf33756c2029c4145cd988
SHA512
818f728dabcdaa321d93bb6310ebb2f466d9e0ce9124157874f4791c683c1e8cabc14789584d071877624987f2818bfae59a7bb1705f70ea999d7fc58212fc5c
SSDEEP
98304:yEUT1j6aSywz9y1qrpmJhhhevgTir8Trk/MmSFsun:yEUhj63z9EqNQE4i4f9
Malware Config
Extracted
metasploit
windows/reverse_tcp
127.0.0.1:1234
Signatures
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
resource yara_rule
behavioral1/memory/2080-3-0x0000000000400000-0x0000000000B9A000-memory.dmp vmprotect
behavioral1/memory/2080-6-0x0000000000400000-0x0000000000B9A000-memory.dmp vmprotect
behavioral1/memory/2080-11-0x0000000000400000-0x0000000000B9A000-memory.dmp vmprotect
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2080 353ff2e9ea0bd7c4aef52a6e97203eca.exe