Analysis
-
max time kernel
91s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
19-04-2024 03:46
Behavioral task
behavioral1
Sample
dc2c86355505a18cba43bae37a792837a3376741dc49379425cb268de67e762c.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
dc2c86355505a18cba43bae37a792837a3376741dc49379425cb268de67e762c.exe
Resource
win10v2004-20240412-en
General
-
Target
dc2c86355505a18cba43bae37a792837a3376741dc49379425cb268de67e762c.exe
-
Size
72KB
-
MD5
0678814f40e425c4b56d2c66bdfbb8e0
-
SHA1
71900afed1fb54f7ff730a6d842f0483247acf55
-
SHA256
dc2c86355505a18cba43bae37a792837a3376741dc49379425cb268de67e762c
-
SHA512
19f8e5077abd2dc1c776c98841d8052223468b9b64e593c8028c4545e611bf150c49d7f62a4d5a1d6f821bf8745ac9af3069bf4f197d01997c78f6a308177882
-
SSDEEP
1536:ILTYdVOXoN5KtNuEzzy45xD3uqBGMb+KR0Nc8QsJq39:u4N4i+Ge0Nc8QsC9
Malware Config
Extracted
metasploit
windows/exec
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2032 wrote to memory of 812 2032 dc2c86355505a18cba43bae37a792837a3376741dc49379425cb268de67e762c.exe 86 PID 2032 wrote to memory of 812 2032 dc2c86355505a18cba43bae37a792837a3376741dc49379425cb268de67e762c.exe 86 PID 2032 wrote to memory of 812 2032 dc2c86355505a18cba43bae37a792837a3376741dc49379425cb268de67e762c.exe 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\dc2c86355505a18cba43bae37a792837a3376741dc49379425cb268de67e762c.exe"C:\Users\Admin\AppData\Local\Temp\dc2c86355505a18cba43bae37a792837a3376741dc49379425cb268de67e762c.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2032 -
C:\Windows\SysWOW64\cmd.execmd.exe /C echo 'OS{172c9253313c179c6bec084fa7c0ec2f}'2⤵PID:812
-