Analysis
-
max time kernel
117s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
28-04-2024 01:16
Static task
static1
Behavioral task
behavioral1
Sample
e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exe
Resource
win10v2004-20240426-en
General
-
Target
e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exe
-
Size
11.4MB
-
MD5
f25585c1b52299fb5286680b7303e3fa
-
SHA1
a45fa68de02fe4d2fca32d7b867bd10babe98b28
-
SHA256
e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96
-
SHA512
cdbcfe7693651d288750c89d45982eecd617694181ed9358d43ca3854aa5dd0e50843517f73e3898d1228fab5957afb833e846dbd354af529fcc47dd06cffe1a
-
SSDEEP
196608:Jua9H1n4YZUIeeUVJsv6tWKFdu9CY+7f:xyPVJsv6tWKFdu9Cx
Malware Config
Extracted
metasploit
windows/download_exec
http://134.175.182.163:8443/rpc
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exepid process 2776 e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exepid process 2776 e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exe"C:\Users\Admin\AppData\Local\Temp\e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exe"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2776