Analysis
- max time kernel: 140s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/01/2024, 19:37
Behavioral task: behavioral1
- Sample: adb5379a6e7909e2380a29f306eb5dc1.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: adb5379a6e7909e2380a29f306eb5dc1.exe
- Resource: win10v2004-20231215-en
General
- Target: adb5379a6e7909e2380a29f306eb5dc1.exe
- Size: 90KB
- MD5: adb5379a6e7909e2380a29f306eb5dc1
- SHA1: b250cec7c1462f972d10772d199cd9ab4082cda5
- SHA256: 3e9bf6ea0933dff4f6d8c7636f9b5431a4254cc91cdc8c44fdf2c17015214da4
- SHA512: f0a721a9f25e16336005cf873eba1795bc43d8e1504002fee1f3eefb5b860175786fd6d6e025f0481b9b378a66339f8a0d5b175043c4e9e2027ca0adebcdf645
- SSDEEP:
1536:XDcjVohEwitwUV3fG+++++++++++++++++++++++++++++++++++++++++eJi8j:IPtZG++++++++++++++++++++++++++z
Malware Config
Extracted
- Family: metasploit
- Module: encoder/shikata_ga_nai
Extracted
- Family: metasploit
- Module: windows/download_exec
- URL: http://192.168.1.21:443/INITM
Signatures
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Program crash (2 IoCs)
  pid   pid_target   Process        procid_target
  1700  5116         WerFault.exe   91
  5048  5116         WerFault.exe   91
Processes
- C:\Users\Admin\AppData\Local\Temp\adb5379a6e7909e2380a29f306eb5dc1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\adb5379a6e7909e2380a29f306eb5dc1.exe"
  PID: 5116
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 224
    Signature: Program crash
    PID: 1700
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 228
    Signature: Program crash
    PID: 5048
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5116 -ip 5116
  PID: 1736
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5116 -ip 5116
  PID: 3704