Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
21/01/2024, 18:33
Behavioral task
behavioral1
Sample
6dbae43b6b660686a6f1a930e563d489.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6dbae43b6b660686a6f1a930e563d489.exe
Resource
win10v2004-20231215-en
General
-
Target
6dbae43b6b660686a6f1a930e563d489.exe
-
Size
31KB
-
MD5
6dbae43b6b660686a6f1a930e563d489
-
SHA1
edbdb91b62d5737f45a90401fb86496e31d33128
-
SHA256
7de5fe61004b4749ce8ab2fecd7b6e3bb0929fcce7c82cd409e1c188ee169f30
-
SHA512
c4346bcffff3c67ea015cca7b2bda7ca6525402f58ec3969aaee70e63d408d08d10a98f6bb51d96bdc8f20a5971d926505cffba383c5451d46c43aa9fd69942b
-
SSDEEP
768:3Q7FB+TXBS0ChfN7d63yp79R7u674iGSNTq6:3euTgrD7d0u9R7ui7I6
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
resource yara_rule behavioral2/memory/2088-0-0x0000000000400000-0x000000000048B000-memory.dmp upx behavioral2/memory/2088-3-0x0000000000400000-0x000000000048B000-memory.dmp upx -
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\SysWOW64\csrsc.exe 6dbae43b6b660686a6f1a930e563d489.exe File opened for modification C:\Windows\SysWOW64\csrsc.exe 6dbae43b6b660686a6f1a930e563d489.exe