Analysis
- max time kernel: 150s
- max time network: 179s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/01/2024, 20:13
Behavioral task: behavioral1
- Sample: 6dec26f0b940922cd19a70cd924bc03b.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 6dec26f0b940922cd19a70cd924bc03b.exe
- Resource: win10v2004-20231215-en
General
- Target: 6dec26f0b940922cd19a70cd924bc03b.exe
- Size: 11KB
- MD5: 6dec26f0b940922cd19a70cd924bc03b
- SHA1: f45bc228e7f2112813e225dab3ace55dbaeb30d5
- SHA256: c763aa7320263dd9b74bf1880e03c0abbddf75a583380c3ebe4f0221fe783268
- SHA512: 0347e5f60200900741e384df9a08eade82f0bb3e4ec3ffff372826cdd7fbc6ec020c59756d359c19de044da3e0ff73c674ac01bcb1739d8606f9c50d230f2d80
- SSDEEP: 96:FY68P5xgyu+DYVF7q76Fo6vhRi37km8HgD0/a9yvH1g6cNdaXc78OlO:qbTGYGacirkm8SIs0Vg5qcAOc
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Signatures
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  2512  2304        WerFault.exe  37
Processes
- "C:\Users\Admin\AppData\Local\Temp\6dec26f0b940922cd19a70cd924bc03b.exe" (PID: 2304)
  - C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 1212 (PID: 2512): Program crash
- C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2304 -ip 2304 (PID: 3616)