Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
29-03-2024 11:45
Static task
static1
Behavioral task
behavioral1
Sample
登录器.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
登录器.exe
Resource
win10v2004-20240226-en
General
-
Target
登录器.exe
-
Size
1.8MB
-
MD5
2301e95e1b899d97b7ae33053d478785
-
SHA1
cb12c16c8152264fb051dd76d67e098c099b8ce9
-
SHA256
0ef8330a6cf88ae8f244cb9838b4b91c24c3eb7bd281647d8b5c6653d82d8b47
-
SHA512
81f9f420e6b51a101a27fd36ff511a7321571b987958c37b4145db04d9fefc34fa38ac0c35e8c62ce6229808ecadd650c4716cdb35bc5397934bf6538b22170f
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO09fOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1dxJIiW0MbQxA
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
登录器.exedescription pid process Token: SeDebugPrivilege 4076 登录器.exe Token: SeDebugPrivilege 4076 登录器.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4076-0-0x0000000000750000-0x0000000000751000-memory.dmpFilesize
4KB
-
memory/4076-1-0x0000000000750000-0x0000000000751000-memory.dmpFilesize
4KB
-
memory/4076-2-0x0000000000950000-0x0000000000951000-memory.dmpFilesize
4KB
-
memory/4076-4-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB