Analysis

  • max time kernel
    95s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/01/2024, 09:38

General

  • Target

    86d02d886c0a212a60f53df58b7bac220d749ad5d768e89ec309b85a40213f2a.exe

  • Size

    1.3MB

  • MD5

    985bc69b69dba192038b36a0bd076f6c

  • SHA1

    944b9a1e0109f452778814caa4c285cdfc3d191b

  • SHA256

    86d02d886c0a212a60f53df58b7bac220d749ad5d768e89ec309b85a40213f2a

  • SHA512

    5707a864d5e2869e7f9a500c220b8bf934519cfcd6b42126d921b818e855bd6b71657be8b99006ea424e8b8de53c4027fa9f4d5f9ead492fa668128db4882814

  • SSDEEP

    24576:kBM5UtYBimqHcWpEaX/q9qdAgCtDYhOD2mE9+m9yLOmH:kA0yDQa2mE9Zm

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://192.168.52.128:80/iWIS

Attributes
  • headers
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
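    Triage notes on the extracted config: windows/download_exec is a stager that fetches a second stage from the C2 URL and executes it, so the payload on disk carries only the URL and User-Agent above. The C2 address 192.168.52.128 is an RFC 1918 private address, i.e. a lab or test network, which is why no external network activity was recorded and why the downloaded stage is unavailable here. The following Python is an added example, not part of the sandbox report or of Metasploit: it turns the two extracted indicators into a matcher for HTTP proxy log lines, normalising URLs so that the default-port form (http://host/iWIS) and the explicit form (http://host:80/iWIS) in the config match the same way. The log lines and the Squid-like layout (timestamp, client, method, URL, status, quoted User-Agent) are constructed for the example.

```python
"""Match proxy log lines against the C2 indicators extracted from the
sandbox report. Added example; the IOCs are from the report's Malware
Config section, the log lines are constructed."""
import re
from urllib.parse import urlsplit

# Indicators taken from the "Malware Config" section of the report.
C2_URL = "http://192.168.52.128:80/iWIS"
C2_USER_AGENT = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; "
                 ".NET CLR 1.1.4322)")

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_url(url):
    """Return (host, port, path) with the scheme's default port filled in,
    so http://h/p and http://h:80/p compare equal."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme.lower())
    return (parts.hostname or "").lower(), port, parts.path or "/"


C2_HOST, C2_PORT, C2_PATH = normalize_url(C2_URL)

# Constructed sample log lines (not from the sandbox run):
#   <timestamp> <client> <method> <url> <status> "<user-agent>"
SAMPLE_LOG = """\
1705912680.101 10.0.0.15 GET http://192.168.52.128/iWIS 200 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
1705912681.233 10.0.0.22 GET http://update.example.com/check 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
1705912682.412 10.0.0.15 GET http://192.168.52.128:80/iWIS 404 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
1705912683.870 10.0.0.31 POST http://intranet.example.com/login 302 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
1705912684.002 10.0.0.40 GET http://192.168.52.128/other 200 "curl/8.4.0"
"""

LOG_RE = re.compile(r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) '
                    r'(?P<url>\S+) (?P<status>\d{3}) "(?P<ua>.*)"$')


def classify(line):
    """Return (client, verdict) for a matching line, else None.

    Verdicts, strongest first:
      c2_url        host, port and path all match the extracted C2 URL
      c2_host       same host and port, different path (follow-up traffic)
      c2_user_agent only the User-Agent matches; weaker, since the string
                    is a generic IE7 User-Agent and may occur legitimately
    """
    m = LOG_RE.match(line)
    if not m:
        return None  # not a line in the expected layout
    host, port, path = normalize_url(m["url"])
    if (host, port) == (C2_HOST, C2_PORT):
        verdict = "c2_url" if path == C2_PATH else "c2_host"
    elif m["ua"] == C2_USER_AGENT:
        verdict = "c2_user_agent"
    else:
        return None
    return m["client"], verdict


def scan(log_text):
    """Return [(line_number, client, verdict), ...] for every hit."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        result = classify(line)
        if result:
            hits.append((n,) + result)
    return hits


if __name__ == "__main__":
    for line_no, client, verdict in scan(SAMPLE_LOG):
        print(f"line {line_no}: {client} -> {verdict}")
```

The status code is deliberately ignored: a 404 on /iWIS (third line) still shows the stager running on the client, it only means the second stage was not served at that moment. Treat c2_user_agent hits as leads to pivot on, not as alerts by themselves.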

Processes

  • C:\Users\Admin\AppData\Local\Temp\86d02d886c0a212a60f53df58b7bac220d749ad5d768e89ec309b85a40213f2a.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\86d02d886c0a212a60f53df58b7bac220d749ad5d768e89ec309b85a40213f2a.exe"
    PID: 2396


Downloads

  • memory/2396-0-0x00000000010B0000-0x00000000010B1000-memory.dmp
    Filesize: 4KB