Analysis
- max time kernel: 137s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/01/2024, 17:23
Behavioral task: behavioral1
- Sample: 6d988bbda5ef54637b3ea71bf4e1c20a.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 6d988bbda5ef54637b3ea71bf4e1c20a.exe
- Resource: win10v2004-20231222-en
General
- Target: 6d988bbda5ef54637b3ea71bf4e1c20a.exe
- Size: 3.1MB
- MD5: 6d988bbda5ef54637b3ea71bf4e1c20a
- SHA1: 310d5d20d0153e95b2d4510effebe7b74e0cd351
- SHA256: 39fe6e7592a827fba416a4f7b1f510fceee01b0630e6e64ec11a59c178e1eb9a
- SHA512: d1c77763704b3ed58e847857bc698df37a13faf89a794a6a3a9900b9ac6ae537f4cfaa2f3666be6454775ada81c7dee9647d31d78e55e1d8f3fa367cba5b7e12
- SSDEEP: 98304:/Hg8TE77SlPLeqNZ8hY/DZpLsA1LCX1lnBDH9yqLrrIF:/gkEylPKQ8hY/l2A0XHn5MF
Malware Config
Signatures
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Loads dropped DLL (3 IoCs)
  pid   Process
  4460  6d988bbda5ef54637b3ea71bf4e1c20a.exe
  4460  6d988bbda5ef54637b3ea71bf4e1c20a.exe
  4460  6d988bbda5ef54637b3ea71bf4e1c20a.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                               procid_target
  PID 3096 wrote to memory of 4460  3096  6d988bbda5ef54637b3ea71bf4e1c20a.exe  88
  PID 3096 wrote to memory of 4460  3096  6d988bbda5ef54637b3ea71bf4e1c20a.exe  88
  PID 3096 wrote to memory of 4460  3096  6d988bbda5ef54637b3ea71bf4e1c20a.exe  88
Processes
- C:\Users\Admin\AppData\Local\Temp\6d988bbda5ef54637b3ea71bf4e1c20a.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\6d988bbda5ef54637b3ea71bf4e1c20a.exe"
  PID: 3096
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\6d988bbda5ef54637b3ea71bf4e1c20a.exe (depth 2, child of PID 3096)
    Command line: "C:\Users\Admin\AppData\Local\Temp\6d988bbda5ef54637b3ea71bf4e1c20a.exe"
    PID: 4460
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads