Analysis
- max time kernel: 120s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 21/01/2024, 20:13
Behavioral task: behavioral1
- Sample: 6dec26f0b940922cd19a70cd924bc03b.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 6dec26f0b940922cd19a70cd924bc03b.exe
- Resource: win10v2004-20231215-en
(The analysis header above names the windows7_x64 platform, so the signatures and process tree on this page belong to behavioral1; the win10v2004 run is not reported here.)
General
- Target: 6dec26f0b940922cd19a70cd924bc03b.exe
- Size: 11KB
- MD5: 6dec26f0b940922cd19a70cd924bc03b
- SHA1: f45bc228e7f2112813e225dab3ace55dbaeb30d5
- SHA256: c763aa7320263dd9b74bf1880e03c0abbddf75a583380c3ebe4f0221fe783268
- SHA512: 0347e5f60200900741e384df9a08eade82f0bb3e4ec3ffff372826cdd7fbc6ec020c59756d359c19de044da3e0ff73c674ac01bcb1739d8606f9c50d230f2d80
- SSDEEP: 96:FY68P5xgyu+DYVF7q76Fo6vhRi37km8HgD0/a9yvH1g6cNdaXc78OlO:qbTGYGacirkm8SIs0Vg5qcAOc
Malware Config
- Extracted family: metasploit
- Encoder: encoder/fnstenv_mov
Signatures
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  2868  2428        WerFault.exe  27
  WerFault.exe (PID 2868) was started to report a crash in PID 2428, which is the sample itself.
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                               procid_target
  PID 2428 wrote to memory of 2868  2428  6dec26f0b940922cd19a70cd924bc03b.exe  28
  (the same event is recorded four times)
  Note: every write goes from the sample into the WerFault.exe instance it spawned for its own crash (-p 2428 in the WerFault command line below). That pattern is consistent with the Windows Error Reporting hand-off between a faulting process and its reporter, not with injection into an unrelated process; treat it as a crash artifact unless other targets appear.
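The extracted config and the MetaSploit signature above say the payload was wrapped with the x86 fnstenv_mov encoder. That encoder prepends a short decoder: a variable-length "set ecx, <dword count>", then fldz; fnstenv [esp-0xc]; pop ebx (ebx now holds the address of fldz, because fnstenv writes the FPU instruction pointer at [esp]); xor dword [ebx+0x13], key; sub ebx, -4; loop. The constant 0x13 is exactly the length of that fixed tail, so the first encoded dword sits right after the loop instruction. The script below is an added example written for this page, not code from the sandbox or from Metasploit: it scans a buffer for that fixed tail, recovers the XOR key from the xor immediate, reads the loop count from the two "set ecx" encodings Rex::Arch::X86.set emits most often (push imm8 / pop ecx, or mov ecx, imm32; other encodings are an assumption left to a decode-to-end fallback) and unmasks the payload. The encode_fnstenv_mov helper and the SAMPLE buffer are my own constructions for offline testing, not msfvenom output and not this sample's bytes.

```python
"""Find Metasploit's x86 fnstenv_mov decoder stub in a buffer and recover the
XOR-encoded payload behind it.  Added example for this report; the stub
layout mirrors modules/encoders/x86/fnstenv_mov.rb, the rest is mine."""
import re
import struct
import sys

# Fixed tail of the decoder (everything after the variable "set ecx, count"):
#   d9 ee           fldz
#   d9 74 24 f4     fnstenv [esp-0xc]   ; FPU env saved so that FIP lands at [esp]
#   5b              pop ebx             ; ebx = address of fldz
#   81 73 13 KKKK   xor dword [ebx+0x13], key   ; 0x13 == length of this tail
#   83 eb fc        sub ebx, -4         ; advance 4 bytes without a 0x00 byte
#   e2 f4           loop back to the xor
STUB_RE = re.compile(
    rb"\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13(?P<key>.{4})\x83\xeb\xfc\xe2\xf4",
    re.DOTALL,
)
TAIL_LEN = 0x13  # offset of the first encoded dword, relative to fldz


def read_count(buf, stub_start):
    """Recover the loop counter from the 'set ecx' preceding the stub.
    Assumption: only the push imm8/pop ecx and mov ecx, imm32 forms are
    handled; None means the caller should decode to the end of the buffer."""
    if stub_start >= 3 and buf[stub_start - 3] == 0x6A and buf[stub_start - 1] == 0x59:
        return buf[stub_start - 2]                      # 6a XX 59
    if stub_start >= 5 and buf[stub_start - 5] == 0xB9:
        return struct.unpack_from("<I", buf, stub_start - 4)[0]  # b9 XX XX XX XX
    return None


def find_fnstenv_mov(buf):
    """Return one dict per decoder stub found: offset, key, count, decoded bytes."""
    hits = []
    for m in STUB_RE.finditer(buf):
        start, key = m.start(), m.group("key")
        count = read_count(buf, start)
        enc_start = start + TAIL_LEN
        if count is None:
            count = (len(buf) - enc_start) // 4
        enc = buf[enc_start:enc_start + 4 * count]
        # The xor is dword-wise with a little-endian immediate, which is the
        # same as xoring byte i of the stream with key[i % 4].
        dec = bytes(b ^ key[i % 4] for i, b in enumerate(enc))
        hits.append({"offset": start, "key": key, "count": count, "decoded": dec})
    return hits


def encode_fnstenv_mov(payload, key):
    """Build a buffer with the same stub layout.  Constructed test-data
    generator for this example only, not Metasploit's encoder."""
    assert len(key) == 4
    padded = payload + b"\x90" * (-len(payload) % 4)   # pad to whole dwords
    count = len(padded) // 4
    set_ecx = bytes([0x6A, count, 0x59]) if count < 128 else b"\xb9" + struct.pack("<I", count)
    stub = b"\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13" + key + b"\x83\xeb\xfc\xe2\xf4"
    enc = bytes(b ^ key[i % 4] for i, b in enumerate(padded))
    return set_ecx + stub + enc


# Constructed sample: a fake header followed by an encoded marker payload.
SAMPLE = b"MZ" + b"\x00" * 14 + encode_fnstenv_mov(b"\xfc\xe8CONSTRUCTED-PAYLOAD", b"\x11\x22\x33\x44")

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for h in find_fnstenv_mov(data):
        print(f"stub at 0x{h['offset']:x} key={h['key'].hex()} dwords={h['count']}")
        print(h["decoded"][:32])
```

Run it against a dumped section or the raw file; a hit gives the key and the unmasked shellcode, which is what you then feed to a disassembler or a shellcode emulator. The fnstenv/pop pair is also a useful generic GetPC heuristic on its own, independent of the xor loop that follows it here.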
Processes
1. C:\Users\Admin\AppData\Local\Temp\6dec26f0b940922cd19a70cd924bc03b.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\6dec26f0b940922cd19a70cd924bc03b.exe"
   PID: 2428
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\WerFault.exe (child of PID 2428)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 36
      PID: 2868
      Signatures: Program crash
The reporter is the SysWOW64 copy of WerFault.exe, so the sample ran as a 32-bit process on the x64 image, which matches the x86 fnstenv_mov encoder in the extracted config. The crash means the decoded payload did not run to completion in this environment; the report records no other child processes.
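The only WriteProcessMemory target in this run is the WerFault.exe that the sample started for its own crash, a pattern every Windows crash produces. The helper below is an added example for this page, not part of the sandbox: given the process list and the write events in the form this report shows them, it keeps a WriteProcessMemory event only when the target is not a WerFault.exe child of the writer carrying the writer's own PID in -p. The report's own two processes and four identical events are reproduced as constructed data; the explorer.exe entry and the write into it are a hypothetical contrast case, not something this sample did.

```python
"""Separate WriteProcessMemory events that are part of a Windows Error
Reporting hand-off from writes that deserve analyst attention.  Added
example; the data below is constructed from the report plus one hypothetical
contrast event."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str
    parent_pid: Optional[int]


@dataclass(frozen=True)
class WpmEvent:
    pid: int          # process that called WriteProcessMemory
    target_pid: int   # process whose memory was written

# "-p <pid>" names the faulting process in a WerFault command line.
WER_CMD = re.compile(r"WerFault\.exe\b.*?-p\s+(\d+)", re.IGNORECASE)


def is_wer_handoff(evt: WpmEvent, procs: Dict[int, Proc]) -> bool:
    """True only when the writer is the faulting process and the target is the
    WerFault.exe it spawned to report that fault (-p <writer pid>)."""
    target = procs.get(evt.target_pid)
    if target is None or not target.image.lower().endswith("\\werfault.exe"):
        return False
    if target.parent_pid != evt.pid:
        return False
    m = WER_CMD.search(target.cmdline)
    return bool(m) and int(m.group(1)) == evt.pid


def triage(events: List[WpmEvent], procs: Dict[int, Proc]) -> Tuple[List[WpmEvent], List[WpmEvent]]:
    """Deduplicate repeated (writer, target) pairs and split them into
    (wer_handoffs, suspicious)."""
    seen = set()
    handoffs, suspicious = [], []
    for e in events:
        key = (e.pid, e.target_pid)
        if key in seen:
            continue
        seen.add(key)
        (handoffs if is_wer_handoff(e, procs) else suspicious).append(e)
    return handoffs, suspicious


# Constructed from the report: the sample and the WerFault.exe it launched.
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\6dec26f0b940922cd19a70cd924bc03b.exe"
PROCS = {
    2428: Proc(2428, SAMPLE_EXE, f'"{SAMPLE_EXE}"', None),
    2868: Proc(2868, r"C:\Windows\SysWOW64\WerFault.exe",
               r"C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 36", 2428),
    # Hypothetical contrast process, not present in the report.
    3000: Proc(3000, r"C:\Windows\explorer.exe", "explorer.exe", None),
}
EVENTS = [WpmEvent(2428, 2868)] * 4          # the four identical IoCs
EVENTS_WITH_INJECTION = EVENTS + [WpmEvent(2428, 3000)]   # hypothetical

if __name__ == "__main__":
    handoffs, suspicious = triage(EVENTS_WITH_INJECTION, PROCS)
    print("WER hand-offs:", [(e.pid, e.target_pid) for e in handoffs])
    print("suspicious  :", [(e.pid, e.target_pid) for e in suspicious])
```

The parent check and the -p check are both needed: a WerFault.exe started by some other process, or one started for a different PID, is not this process's crash reporter and the write should stay flagged.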