Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20240412-en
General
-
Target
tmp
-
Size
7KB
-
MD5
aa752f99b9bfd2ebbb36acdfdf2fa2b8
-
SHA1
3bbc6451e5e38b907be99c5e0312acb74cffe3a3
-
SHA256
cfa53d4cc152a779f364410b4c5a040981323c12b78fd929c11c1135b2a502f7
-
SHA512
7e8c4a88d40720bc280e3b1b0b7d3e9aa751d22c797af683209d06a716c6d34424983648f4a02058d2421f486bcafc9a945a40762f191c6e3c76e2c2f283d4bb
-
SSDEEP
24:eFGStrJ9u0/6hQUnZdkBQAV2ofGGKZqfeNDMSCvOXpmB:is0b4kBQ+htSD9C2kB
Malware Config
Extracted
metasploit
metasploit_stager
124.221.70.199:4448
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource tmp
Files
-
tmp.exe windows:4 windows x64 arch:x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gxpt Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE