Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
18-04-2024 09:42
Behavioral task
behavioral1
Sample
crmsannicor.exe
Resource
win7-20240215-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
crmsannicor.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
crmsannicor.exe
-
Size
72KB
-
MD5
3b281ff9ca4716412a209a910800cfaf
-
SHA1
2e61a1f5b186179fbdd64e7e729e6d4dc7a88186
-
SHA256
f5cd5d418020719721253fa22b9e53db8999314d7e46ecfac8c653800a9c1508
-
SHA512
eb699757c21557e65a641bfdafe51dfee46b8bfe1e14836a5e42cc1a2e122b5c61335ca6a982b2ca28a900d9369da794e1a962ebcdd2bd56e6d64ad0d462cdc2
-
SSDEEP
1536:ICi3MwChivwkDuZ3rszH+0ZMb+KR0Nc8QsJq39:TiLp46De0Nc8QsC9
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/reverse_tcp
C2
44.210.111.57:4443
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.