Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-04-2024 14:20
General
-
Target
e61039af40cb17c28aaf3d75e4332e5b070ebfd91b7c7891f8b38d4bbe4f39e8.exe
-
Size
3.2MB
-
MD5
145f0ccb4a3ac4a798ed7352825dfed0
-
SHA1
3d6d72f2f1d86b82be7b8f4a840954db61508639
-
SHA256
e61039af40cb17c28aaf3d75e4332e5b070ebfd91b7c7891f8b38d4bbe4f39e8
-
SHA512
66abba6b019f21f8f3a7f8e8b26931909759fc5f442ffc5b66b332e8bfbdcaef744a2f8a1b68fa5954d5766e03d340cee1cbc7f1ffcd0a2cc25b877e280eb297
-
SSDEEP
98304:owOBfKtpt+7+KfLzHiN/iYttBMqjkqDDc:NN+CWzCN/ikuqjkS
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/shell_reverse_tcp
C2
192.168.5.132:4444
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e61039af40cb17c28aaf3d75e4332e5b070ebfd91b7c7891f8b38d4bbe4f39e8.exe"C:\Users\Admin\AppData\Local\Temp\e61039af40cb17c28aaf3d75e4332e5b070ebfd91b7c7891f8b38d4bbe4f39e8.exe"1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2352-1-0x0000000000230000-0x0000000000231000-memory.dmpFilesize
4KB
-
memory/2352-9-0x0000000000230000-0x0000000000231000-memory.dmpFilesize
4KB