Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
06/04/2024, 01:40
Behavioral task
behavioral1
Sample
afc1f62feeef303a44d0048b647a3e983c141adfc194b2eb0d08d756e935fb13.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
afc1f62feeef303a44d0048b647a3e983c141adfc194b2eb0d08d756e935fb13.exe
Resource
win10v2004-20231215-en
General
-
Target
afc1f62feeef303a44d0048b647a3e983c141adfc194b2eb0d08d756e935fb13.exe
-
Size
72KB
-
MD5
631d2270d20687a2a8b893bd19e44c57
-
SHA1
0761d98e761b4d1074bf4d208e0f64c698ee1910
-
SHA256
afc1f62feeef303a44d0048b647a3e983c141adfc194b2eb0d08d756e935fb13
-
SHA512
748e2137a00173904ecb19dcd4e7a9680d39b1ceb259faeb3d3c9f73afb6048282bad07cb36035edd7854748a227f5b9f91ad0c7e1eb81946696f6825514685d
-
SSDEEP
1536:ILTYdVOXob5KtNuEzzy45xD3uqBGMb+KR0Nc8QsJq39:u4b4i+Ge0Nc8QsC9
Malware Config
Extracted
metasploit
windows/exec
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2904 wrote to memory of 2964 2904 afc1f62feeef303a44d0048b647a3e983c141adfc194b2eb0d08d756e935fb13.exe 28 PID 2904 wrote to memory of 2964 2904 afc1f62feeef303a44d0048b647a3e983c141adfc194b2eb0d08d756e935fb13.exe 28 PID 2904 wrote to memory of 2964 2904 afc1f62feeef303a44d0048b647a3e983c141adfc194b2eb0d08d756e935fb13.exe 28 PID 2904 wrote to memory of 2964 2904 afc1f62feeef303a44d0048b647a3e983c141adfc194b2eb0d08d756e935fb13.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\afc1f62feeef303a44d0048b647a3e983c141adfc194b2eb0d08d756e935fb13.exe"C:\Users\Admin\AppData\Local\Temp\afc1f62feeef303a44d0048b647a3e983c141adfc194b2eb0d08d756e935fb13.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2904 -
C:\Windows\SysWOW64\cmd.execmd.exe /C echo 'OS{e138baaebab379c703a11549f89bf712}'2⤵PID:2964
-