Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
16/01/2024, 13:06
Static task
static1
Behavioral task
behavioral1
Sample
5ff57070dd90b41f36b1ef93a6a67fe4.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
5ff57070dd90b41f36b1ef93a6a67fe4.exe
Resource
win10v2004-20231222-en
General
-
Target
5ff57070dd90b41f36b1ef93a6a67fe4.exe
-
Size
205KB
-
MD5
5ff57070dd90b41f36b1ef93a6a67fe4
-
SHA1
ed4202fae802286287728657bef968f0af69f84a
-
SHA256
6459d65f1805aa40f0c17bc9af65a25a9ac18967beaf3c7222b9443576f3fba2
-
SHA512
5cc90998d1606a08b476d11c9d5cee4cc6c164c99a3e7c2c019335b96dee9827691ee895422df1b717f27a5035ddefcd9007780c4573cb355eadc3ac7da090a0
-
SSDEEP
6144:mV9pkyOVSsPOBYdY5dARf7gxJBxrVjHkF6hB4D:tyOMZBL0RzUxVjHl4
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2328 wrote to memory of 2888 2328 5ff57070dd90b41f36b1ef93a6a67fe4.exe 28 PID 2328 wrote to memory of 2888 2328 5ff57070dd90b41f36b1ef93a6a67fe4.exe 28 PID 2328 wrote to memory of 2888 2328 5ff57070dd90b41f36b1ef93a6a67fe4.exe 28 PID 2328 wrote to memory of 2888 2328 5ff57070dd90b41f36b1ef93a6a67fe4.exe 28