Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    21/01/2024, 20:13

General

  • Target

    6dec26f0b940922cd19a70cd924bc03b.exe

  • Size

    11KB

  • MD5

    6dec26f0b940922cd19a70cd924bc03b

  • SHA1

    f45bc228e7f2112813e225dab3ace55dbaeb30d5

  • SHA256

    c763aa7320263dd9b74bf1880e03c0abbddf75a583380c3ebe4f0221fe783268

  • SHA512

    0347e5f60200900741e384df9a08eade82f0bb3e4ec3ffff372826cdd7fbc6ec020c59756d359c19de044da3e0ff73c674ac01bcb1739d8606f9c50d230f2d80

  • SSDEEP

    96:FY68P5xgyu+DYVF7q76Fo6vhRi37km8HgD0/a9yvH1g6cNdaXc78OlO:qbTGYGacirkm8SIs0Vg5qcAOc

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6dec26f0b940922cd19a70cd924bc03b.exe
    "C:\Users\Admin\AppData\Local\Temp\6dec26f0b940922cd19a70cd924bc03b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 36
      2⤵
      • Program crash
      PID:2868

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2428-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB