Analysis
- max time kernel: 107s
- max time network: 122s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-03-2024 12:02
Static task: static1
Behavioral task: behavioral1
  Sample: f2c13921364a34be545c541435cb32f20a4e7c869a469fd6276277769ef8c997.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: f2c13921364a34be545c541435cb32f20a4e7c869a469fd6276277769ef8c997.exe
  Resource: win10v2004-20231215-en
General
- Target: f2c13921364a34be545c541435cb32f20a4e7c869a469fd6276277769ef8c997.exe
- Size: 14KB
- MD5: 3780e329d00111af176f2a10e79bfe80
- SHA1: 0e9e6b9c8bdfdfd6c3a0e3e47ba8daffa0cd7c59
- SHA256: f2c13921364a34be545c541435cb32f20a4e7c869a469fd6276277769ef8c997
- SHA512: 6f5655dc9aa57af8266e2289713b5463078e76899527b472a232f7abb45748ced97d457bbb0b56d79267c465ca0c92453d5547c6af7ebe6f352e049d4615510f
- SSDEEP: 192:J3mbPYCfMcrfOIoILc0w8wOmLCVgq8ejDMN1:wMCfrf5L5w8NmOVgHeUN1
Malware Config
Extracted
- Family: metasploit
- Payload: windows/shell_reverse_tcp
- C2 (LHOST:LPORT): 192.168.2.105:14444
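The C2 shown above is recoverable statically because the Metasploit reverse_tcp block builds its sockaddr_in from immediates: on x86 it is `push <LHOST>` followed by `push 0x5C110002`-style `push <AF_INET | LPORT>` (bytes `68 a b c d 68 02 00 hi lo`), and on x64 a single `mov r12, imm64` (bytes `49 BC 02 00 hi lo a b c d`). The extractor below is an added example, not Triage's extractor and not code from this page; it scans a blob for both encodings and decodes LHOST/LPORT the way the "Extracted" block reports them. It assumes an unencoded payload (an encoder such as shikata_ga_nai hides these bytes until runtime) and uses constructed sample bytes mirroring this page's config, not bytes copied from the sample itself. It cannot tell shell_reverse_tcp from other reverse_tcp payloads; that needs the rest of the stub. Note also that 192.168.2.105 is an RFC 1918 address, so the indicator is only actionable on a network that uses that range.

```python
"""Recover LHOST/LPORT from Metasploit reverse_tcp shellcode (added example)."""
import ipaddress
import re
import struct

# x86 block_reverse_tcp.asm builds the sockaddr_in with two pushes:
#   push 0x0100007F   -> 68 <ip, stored as a.b.c.d>
#   push 0x5C110002   -> 68 02 00 <port, big-endian>   (02 00 = AF_INET)
X86_SOCKADDR = re.compile(rb"\x68(.{4})\x68\x02\x00(.{2})", re.DOTALL)

# x64 block_reverse_tcp.asm uses one movabs instead (assumed encoding of
#   mov r12, 0x0100007F5C110002): 49 BC 02 00 <port BE> <ip as a.b.c.d>
X64_SOCKADDR = re.compile(rb"\x49\xbc\x02\x00(.{2})(.{4})", re.DOTALL)

# The stager loads ws2_32.dll by pushing "ws2_32\0\0" onto the stack:
#   push 0x00003233 ; push 0x5F327377 -> 68 33 32 00 00 68 77 73 32 5F
# Seeing that shortly before the sockaddr pushes reduces false positives,
# since the 10-byte sockaddr pattern alone can occur by chance.
WS2_32_PUSH = b"\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f"
CORROBORATION_WINDOW = 64  # bytes to look back for the ws2_32 pushes


def extract_reverse_tcp(data: bytes) -> list:
    """Return one dict per sockaddr_in found, with arch, offset, lhost, lport
    and whether the ws2_32 load sits within CORROBORATION_WINDOW bytes before."""
    hits = []
    for arch, pattern, ip_grp, port_grp in (
        ("x86", X86_SOCKADDR, 1, 2),
        ("x64", X64_SOCKADDR, 2, 1),
    ):
        for m in pattern.finditer(data):
            start = m.start()
            window = data[max(0, start - CORROBORATION_WINDOW):start]
            hits.append({
                "arch": arch,
                "offset": start,
                # IPv4Address accepts the 4 packed bytes in a.b.c.d order
                "lhost": str(ipaddress.IPv4Address(m.group(ip_grp))),
                # sin_port is stored big-endian (network byte order)
                "lport": struct.unpack(">H", m.group(port_grp))[0],
                "ws2_32_nearby": WS2_32_PUSH in window,
            })
    return hits


def format_c2(hit: dict) -> str:
    """Render a hit the way the sandbox's Extracted block does: LHOST:LPORT."""
    return f"{hit['lhost']}:{hit['lport']}"


# Constructed test blobs (not bytes from the sample on this page).
# x86: fake MZ header, the ws2_32 pushes, 26 bytes of NOP filler standing in
# for the WSAStartup sequence, then the sockaddr pushes for
# 192.168.2.105:14444 (c0 a8 02 69 / 38 6c) and `mov esi, esp`.
SAMPLE_X86 = (
    b"\x4d\x5a" + b"\x00" * 30
    + WS2_32_PUSH
    + b"\x90" * 26
    + b"\x68\xc0\xa8\x02\x69"      # push 0x6902a8c0  -> LHOST 192.168.2.105
    + b"\x68\x02\x00\x38\x6c"      # push 0x6c380002  -> AF_INET, LPORT 14444
    + b"\x89\xe6"                  # mov esi, esp
)
# x64: movabs r12 for 10.0.0.5:4444 followed by `push r12` (assumed layout).
SAMPLE_X64 = b"\x49\xbc\x02\x00\x11\x5c\x0a\x00\x00\x05\x41\x54"


if __name__ == "__main__":
    for label, blob in (("x86 blob", SAMPLE_X86), ("x64 blob", SAMPLE_X64)):
        for hit in extract_reverse_tcp(blob):
            print(f"{label}: {hit['arch']} @0x{hit['offset']:x} "
                  f"{format_c2(hit)} ws2_32_nearby={hit['ws2_32_nearby']}")
```

Run it against a raw msfvenom payload (`-f raw`) or the whole dropped EXE; a hit with `ws2_32_nearby` false is worth eyeballing in a disassembler before reporting it as a C2.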
Signatures
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Program crash (2 IoCs)
  Processes:
  pid   pid_target  process       target process
  2972  3156        WerFault.exe  f2c13921364a34be545c541435cb32f20a4e7c869a469fd6276277769ef8c997.exe
  2752  3156        WerFault.exe  f2c13921364a34be545c541435cb32f20a4e7c869a469fd6276277769ef8c997.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\f2c13921364a34be545c541435cb32f20a4e7c869a469fd6276277769ef8c997.exe (pid 3156)
  "C:\Users\Admin\AppData\Local\Temp\f2c13921364a34be545c541435cb32f20a4e7c869a469fd6276277769ef8c997.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 224
    Program crash
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 152
    Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3156 -ip 3156
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3156 -ip 3156