Analysis
max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted
22/01/2024, 14:59
Static task
static1
Behavioral task
behavioral1
Sample
6fb9889ed859c8a6d9849c67e1746d31.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6fb9889ed859c8a6d9849c67e1746d31.exe
Resource
win10v2004-20231215-en
General
Target
6fb9889ed859c8a6d9849c67e1746d31.exe
Size
67KB
MD5
6fb9889ed859c8a6d9849c67e1746d31
SHA1
13b3db60fc92869d0bc44675def0d702f4d5c371
SHA256
dd0a435c0752a91e83a9d5fffb4bb67d491cab64fc0ce01f60f743c93ddaca1a
SHA512
57c9829f08d4cfc2acaa9dc4988dcb203016385d4d2ad4d2465931785f32f73de7f49a23e08b34c556057a306c0a7278073e1e19ed7fafba9f2598832c10f4d8
SSDEEP
1536:dG58Frcs1eQ9V3Y19BPBifRefYMJUEbooPRrKKRl1P3:d3FrzxH+BPBifRefVJltZrpRl1P3
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Signatures
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Program crash 2 IoCs
pid   pid_target  Process       procid_target
5072  4828        WerFault.exe  83
2812  4828        WerFault.exe  83
Processes
"C:\Users\Admin\AppData\Local\Temp\6fb9889ed859c8a6d9849c67e1746d31.exe" (PID: 4828)
    C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 576 (PID: 5072, Program crash)
    C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 584 (PID: 2812, Program crash)
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4828 -ip 4828 (PID: 2132)
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4828 -ip 4828 (PID: 3588)