Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/01/2024, 17:23

General

  • Target

    6d988bbda5ef54637b3ea71bf4e1c20a.exe

  • Size

    3.1MB

  • MD5

    6d988bbda5ef54637b3ea71bf4e1c20a

  • SHA1

    310d5d20d0153e95b2d4510effebe7b74e0cd351

  • SHA256

    39fe6e7592a827fba416a4f7b1f510fceee01b0630e6e64ec11a59c178e1eb9a

  • SHA512

    d1c77763704b3ed58e847857bc698df37a13faf89a794a6a3a9900b9ac6ae537f4cfaa2f3666be6454775ada81c7dee9647d31d78e55e1d8f3fa367cba5b7e12

  • SSDEEP

    98304:/Hg8TE77SlPLeqNZ8hY/DZpLsA1LCX1lnBDH9yqLrrIF:/gkEylPKQ8hY/l2A0XHn5MF

Malware Config

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Loads dropped DLL 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6d988bbda5ef54637b3ea71bf4e1c20a.exe
    "C:\Users\Admin\AppData\Local\Temp\6d988bbda5ef54637b3ea71bf4e1c20a.exe"
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Users\Admin\AppData\Local\Temp\6d988bbda5ef54637b3ea71bf4e1c20a.exe
      "C:\Users\Admin\AppData\Local\Temp\6d988bbda5ef54637b3ea71bf4e1c20a.exe"
      • Loads dropped DLL
      PID:2196

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI19682\payload.exe.manifest

          Filesize

          1KB

          MD5

          c6448fee978bae358e5b4fac9245e0fc

          SHA1

          dbd9ff334cefbc1d5f534b0b80e6217f2524f766

          SHA256

          4ba2fd7a4774518d5b0023eca95f9962cc5ffa06d98ffa64885ae31f36291d65

          SHA512

          6450b3fe57b2661ecdbffe4c70f8900383ebb49eea4bc2cbb36f49fa5f6118e7fda75a7f046db4d6408414c5369e5241d8f72d45d2845d918cf1e5900c1c8648

        • C:\Users\Admin\AppData\Local\Temp\_MEI19682\python27.dll

          Filesize

          2.3MB

          MD5

          60248140a9298365d072d8f2af9bbb7f

          SHA1

          a1fdffd3fcb3622e1debec517c311b300098a81a

          SHA256

          388604ebd2568016e298082c723b077f0e58d4207eb4746572a04d7f15fbe98f

          SHA512

          8208691f1e08d851a0bb8698424869013070d25b21d74157e7c01b691f88b5fe6f05072ae46fb943af7d0a2b4b8b86b7a0b81c89525a04f8a5b3d946b9fa3b3a

        • C:\Users\Admin\AppData\Local\Temp\_MEI19~1\Crypto.Cipher._AES.pyd

          Filesize

          28KB

          MD5

          dd3db5480eb52e8f69d47f3b725e6bfb

          SHA1

          cb14cda7f5e3e2b88c823e4d15643680398b361e

          SHA256

          51054f4d28782b6698b1b6510317650e797e11f87fa29fceaf8559b6bcbf4dfe

          SHA512

          c94216dcd0dc3000304b2b4704dd29bfeed35c9b6158d3ff1cc86084a1753060b72bd48678d5662c8e10205e1a866361f7a455f177dbf364814ee317679bff23

        • C:\Users\Admin\AppData\Local\Temp\_MEI19~1\_ctypes.pyd

          Filesize

          86KB

          MD5

          c5422db93c5fd74e09db36ddf975da9e

          SHA1

          023c33abd230ff3a546283da64a782eb9a7d257d

          SHA256

          96846a901d0d793fb77ff0b6488a904dc675a8d5273a442888d41d9a32bb845b

          SHA512

          169456c06a7e7c3bd63bfa0c88a90a0bbbf9866f142d103b8c2ca31507fa86e0782d76406b5769defd02323d2df6eaaab42559b9437668d466e370414d96a962

        • memory/1968-20-0x0000000000400000-0x0000000000430000-memory.dmp

          Filesize

          192KB

        • memory/1968-50-0x0000000000400000-0x0000000000430000-memory.dmp

          Filesize

          192KB

        • memory/2196-19-0x00000000003D0000-0x00000000003D1000-memory.dmp

          Filesize

          4KB

        • memory/2196-21-0x0000000000400000-0x0000000000430000-memory.dmp

          Filesize

          192KB

        • memory/2196-41-0x0000000000400000-0x0000000000430000-memory.dmp

          Filesize

          192KB