Analysis

max time kernel: 147s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/01/2024, 12:28
Behavioral task: behavioral1
Sample: 6d4fc5a4334070dd65778cb4d4984539.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 6d4fc5a4334070dd65778cb4d4984539.exe
Resource: win10v2004-20231222-en
General

Target: 6d4fc5a4334070dd65778cb4d4984539.exe
Size: 101KB
MD5: 6d4fc5a4334070dd65778cb4d4984539
SHA1: d2194e81a61de3315fb09c3680e41ca39b495f93
SHA256: 3698200f475bf723b5c5c06c2aa65d269208bb3025c2746b9d1a3c7f4eb6b1eb
SHA512: 54ebf102baf80a5524927d6ec833a03593099152c8f7332dbf06220c38fedf1e0cded62b12b48aba6e0c2e61bec8b291353e434ab4f96f25c3a4a302c0b3194f
SSDEEP: 3072:9fhggHcWPfZEYHB/zm6s0qsWmlzeCDNJo2/hn5d1AB:XLrZESJqs5eIAB
Malware Config

Extracted: metasploit
  encoder/shikata_ga_nai

Extracted: metasploit
  windows/reverse_tcp
  45.76.149.208:7854
Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Suspicious use of WriteProcessMemory (4 IoCs)

description                       pid   Process                                procid_target
PID 324 wrote to memory of 2408   324   6d4fc5a4334070dd65778cb4d4984539.exe   90
PID 324 wrote to memory of 2408   324   6d4fc5a4334070dd65778cb4d4984539.exe   90
PID 324 wrote to memory of 2408   324   6d4fc5a4334070dd65778cb4d4984539.exe   90
PID 324 wrote to memory of 2408   324   6d4fc5a4334070dd65778cb4d4984539.exe   90