Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
21/01/2024, 09:42
Static task
static1
Behavioral task
behavioral1
Sample
6cfb3d1690dd55fcbed49bd9d71f73de.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6cfb3d1690dd55fcbed49bd9d71f73de.exe
Resource
win10v2004-20231215-en
General
-
Target
6cfb3d1690dd55fcbed49bd9d71f73de.exe
-
Size
26KB
-
MD5
6cfb3d1690dd55fcbed49bd9d71f73de
-
SHA1
1d18541de4a1bc7e5b982b9e6e8ed9c4c5889ff8
-
SHA256
7b8672965a72139ed8c5b5263e81f9d4f26d8d054c413ee9ff42f21514796973
-
SHA512
5e63a82617c8a9f014b708cfe621b3c112b56bd59bb4b160557505280534dc303448b3219f4dca054f96df7d58b1df2e5d93fde1a67a48f62531f8c50a523b72
-
SSDEEP
384:kWKoGr/p/YjKf7mjJe6Gz+10vq0GftpBjwEMMxT4bHRN7tldBMT4q:BKoGr/V7qEiCbM6bXMx
Malware Config
Extracted
metasploit
windows/single_exec
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2032 wrote to memory of 2856 | 2032 | 6cfb3d1690dd55fcbed49bd9d71f73de.exe | 28
PID 2032 wrote to memory of 2856 | 2032 | 6cfb3d1690dd55fcbed49bd9d71f73de.exe | 28
PID 2032 wrote to memory of 2856 | 2032 | 6cfb3d1690dd55fcbed49bd9d71f73de.exe | 28
PID 2032 wrote to memory of 2856 | 2032 | 6cfb3d1690dd55fcbed49bd9d71f73de.exe | 28