Analysis
-
max time kernel
143s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
31-03-2024 21:45
General
-
Target
tmp.exe
-
Size
72KB
-
MD5
157a98fa945374e37a3f02b8e5282914
-
SHA1
efe42ed93cba4fe8d66000fab738965ac3a07e29
-
SHA256
0dd40fe630ecb852099bbbcda53d9e137a65b4414ab876159beb86bcf562f256
-
SHA512
6c7034447c8a76a36b90f4dba0c6d099481d329c83f25a699eec71d71072ad97bdf9c4c5bce781f87744bdb98f2a49704874b2f64e5694ef6b3dd381fdeee538
-
SSDEEP
1536:ItBYbt/kFbdUxHkV6yX2PAPH1rXmeAtjw6mMb+KR0Nc8QsJq39:uObtcFBp5FH1rXjkjwNe0Nc8QsC9
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/reverse_tcp
C2
20.151.94.183:4453
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp.exe"C:\Users\Admin\AppData\Local\Temp\tmp.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1344 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4696-0-0x0000000000570000-0x0000000000571000-memory.dmpFilesize
4KB