Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
15-04-2024 22:41
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20240412-en
General
-
Target
tmp.exe
-
Size
31KB
-
MD5
e9dc029457e9d23c8db988c4c0585bfa
-
SHA1
3d670aa59c97d831e5097b69734b994bf4144cbb
-
SHA256
18ba6cd59749904247bade4b75429e2ac2c4ee2a6fe206ebd114e89283f8f5db
-
SHA512
3a6138fd199b3cd0a12f4a1ca193823b32afa557a3d7af5e279cc96edb3fcab31fcf6bbff357d089331f47a295e83222f17a45be3dd4254de88b06bf98f379a9
-
SSDEEP
192:+np66k5gQDVAU3l6+eKdv3Zn4TJrJfsQ5XfDcyLwaBg1+Cfs2LzwYDK7UlVSq7j4:GO/5AwJtZ4RFskLt
Malware Config
Extracted
metasploit
metasploit_stager
124.221.70.199:8983
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
tmp.exepid process 1440 tmp.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
Explorer.EXEdescription pid process Token: SeShutdownPrivilege 1268 Explorer.EXE -
Suspicious use of WriteProcessMemory 1 IoCs
Processes:
tmp.exedescription pid process target process PID 1440 wrote to memory of 1268 1440 tmp.exe Explorer.EXE