Analysis

  • max time kernel
    158s
  • max time network
    272s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    22/01/2024, 02:41

General

  • Target

    hysfors.exe

  • Size

    7KB

  • MD5

    7d6b7776f22725f3243703591047788d

  • SHA1

    28832497e392e267ddd8380af02b6c9e651364eb

  • SHA256

    b53b37a5d6609f40c61ed710042efc401b6e374eb8e43d0d6168cdbd3f6295da

  • SHA512

    146ad8f087ee6441c8a4e4f6672f0efbc732eb585b2f4dee2126fd8276517584e88615a2c442652bf06e321b5c64e1f6a2c865e63dca8409470aecf312580c81

  • SSDEEP

    24:eFGStrJ9u0/6FanZdkBQAV2oOxfYKZqxeNDMSCvOXpmB:is0MSkBQhxwvSD9C2kB

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

193.161.193.99:44039

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Processes

  • C:\Users\Admin\AppData\Local\Temp\hysfors.exe
    "C:\Users\Admin\AppData\Local\Temp\hysfors.exe"
    PID:3260

Downloads

  • memory/3260-0-0x0000000140000000-0x0000000140004278-memory.dmp

    Filesize

    16KB