Analysis
-
max time kernel
109s -
max time network
112s -
platform
windows10-1703_x64 -
resource
win10-20240404-it -
resource tags
arch:x64arch:x86image:win10-20240404-itlocale:it-itos:windows10-1703-x64systemwindows -
submitted
28-04-2024 00:42
Behavioral task
behavioral1
Sample
test.exe
Resource
win10-20240404-it
windows10-1703-x64
1 signatures
150 seconds
General
-
Target
test.exe
-
Size
72KB
-
MD5
2cdbafc40984ac065075425cf2bc051c
-
SHA1
bcbff0c3d916c7b540e06e2a167a56aeb27a3672
-
SHA256
1419146b3c3acf56beb90122cd258aeb6022a64b166d17fbf46ea534a0b5595d
-
SHA512
5dc47fb45463464f3758eabee3f713a8fa9dca9b5700921eed0cc257fbb1a09f0b72b2c9cbc1fd025549aaff44dfcbde67e9718a1a067b3da90804eb06eb9a4c
-
SSDEEP
1536:IBaOgFzPLkdNQjwhUSqVMiYhMb+KR0Nc8QsJq39:fccjwGye0Nc8QsC9
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/reverse_tcp
C2
192.168.226.15:4444
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Processes
-
C:\Users\Admin\AppData\Local\Temp\test.exe"C:\Users\Admin\AppData\Local\Temp\test.exe"1⤵PID:204
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3208