Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
  • submitted
    22/01/2024, 04:33

General

  • Target

    75f5cdb622910188abe5cbbc0fb0e2a392de42f2e6acd216c7e18d828793e1d2.exe

  • Size

    153KB

  • MD5

    4eef3d2844c306f144931026b7dad35c

  • SHA1

    9482d1aad6b914e6f70e5fca4bfb50f25ef08fd1

  • SHA256

    75f5cdb622910188abe5cbbc0fb0e2a392de42f2e6acd216c7e18d828793e1d2

  • SHA512

    ebb93f42a27fb0f5b523060e3a066fb12918385f1c4920056e9c7339e80d6bb76bc2b7aface8451d388ccc52f21e787a531286a8367e203d8852b7c59fd68c84

  • SSDEEP

    3072:IwzvOYZt5YP/aKavT/DvbhIi9N4SRbNI2B+JlIjDe7kal2n1TWl9o1B0C98CqtVS:7tiP/aK260mE/B+rC

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.1.99:4444

Signatures

  • MetaSploit

    Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

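The C2 shown under Malware Config can be recovered straight from the bytes of an unencoded payload: the Metasploit reverse_tcp stager builds its sockaddr_in with two consecutive push instructions, the LHOST as a 4-byte immediate (68 xx xx xx xx) followed by AF_INET combined with the LPORT in network byte order (68 02 00 pp pp). The scanner below is an added example, not the sandbox's extractor or Metasploit's own code; it assumes the stager is present unencoded, and the embedded bytes are a constructed fragment for 192.168.1.99:4444, not bytes taken from this sample. It also flags the address as RFC 1918 private space, which a practitioner would note before treating it as an Internet C2 indicator.

```python
import ipaddress
import re
import socket
import struct
import sys

# "push <LHOST>" immediately followed by "push 0x<LPORT>0002": the sockaddr_in
# the Metasploit reverse_tcp stager pushes before calling connect(). Assumption:
# the payload is unencoded, so the sequence appears verbatim on disk or in memory.
STAGER_SOCKADDR = re.compile(
    rb"\x68(?P<ip>.{4})\x68\x02\x00(?P<port>.{2})", re.DOTALL
)


def extract_reverse_tcp_c2(blob: bytes) -> list:
    """Return (ip, port) for every reverse_tcp sockaddr push found in blob."""
    hits = []
    for m in STAGER_SOCKADDR.finditer(blob):
        ip = socket.inet_ntoa(m.group("ip"))          # bytes are already network order
        (port,) = struct.unpack(">H", m.group("port"))  # port is big-endian in the push
        hits.append((ip, port))
    return hits


def is_private_c2(ip: str) -> bool:
    """True when the address is RFC 1918 / loopback / link-local, i.e. not an Internet host."""
    return ipaddress.ip_address(ip).is_private


def describe(blob: bytes) -> list:
    """Annotate each hit so a report line like 'C2 192.168.1.99:4444 (private)' can be emitted."""
    return [
        {"ip": ip, "port": port, "private": is_private_c2(ip)}
        for ip, port in extract_reverse_tcp_c2(blob)
    ]


# Constructed sample (not bytes from the file on this page): the set_address
# fragment of the stager as msfvenom emits it for LHOST=192.168.1.99 LPORT=4444,
# padded with NOPs on both sides.
SAMPLE = (
    b"\x90" * 8
    + b"\x6a\x0a"                 # push byte 10     (retry counter)
    + b"\x68\xc0\xa8\x01\x63"     # push 0x6301a8c0  (192.168.1.99)
    + b"\x68\x02\x00\x11\x5c"     # push 0x5c110002  (AF_INET, port 4444)
    + b"\x89\xe6"                 # mov esi, esp     (pointer to sockaddr_in)
    + b"\x90" * 8
)


if __name__ == "__main__":
    # With no arguments, scan the constructed sample; otherwise scan each file given.
    targets = sys.argv[1:] or [None]
    for target in targets:
        data = SAMPLE if target is None else open(target, "rb").read()
        for hit in describe(data):
            scope = "private" if hit["private"] else "public"
            print(f"{target or '<constructed>'}: C2 {hit['ip']}:{hit['port']} ({scope})")
```

Run it against the executable or, more reliably, against the memory dumps listed under Downloads: an encoder such as shikata_ga_nai obfuscates the stager on disk, so the push pair only appears after the decoder stub has run, and the in-memory image is where the pattern is recovered. The pattern is narrow enough that false positives on random data are rare, but a hit should still be confirmed by the surrounding WSAStartup/connect sequence before it goes into a report.
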
Processes

  • C:\Users\Admin\AppData\Local\Temp\75f5cdb622910188abe5cbbc0fb0e2a392de42f2e6acd216c7e18d828793e1d2.exe
    "C:\Users\Admin\AppData\Local\Temp\75f5cdb622910188abe5cbbc0fb0e2a392de42f2e6acd216c7e18d828793e1d2.exe"
    PID: 2512

Downloads

  • memory/2512-1-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

  • memory/2512-0-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB