Behavioral task
behavioral1
Sample
hysfors.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
hysfors.exe
Resource
win10v2004-20231215-en
General
-
Target
hysfors.exe
-
Size
7KB
-
MD5
7d6b7776f22725f3243703591047788d
-
SHA1
28832497e392e267ddd8380af02b6c9e651364eb
-
SHA256
b53b37a5d6609f40c61ed710042efc401b6e374eb8e43d0d6168cdbd3f6295da
-
SHA512
146ad8f087ee6441c8a4e4f6672f0efbc732eb585b2f4dee2126fd8276517584e88615a2c442652bf06e321b5c64e1f6a2c865e63dca8409470aecf312580c81
-
SSDEEP
24:eFGStrJ9u0/6FanZdkBQAV2oOxfYKZqxeNDMSCvOXpmB:is0MSkBQhxwvSD9C2kB
Malware Config
Extracted
metasploit
metasploit_stager
193.161.193.99:44039
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource hysfors.exe
Files
-
hysfors.exe.exe windows:4 windows x64 arch:x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.ebzd Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE