Analysis
-
max time kernel
147s -
max time network
148s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
29-04-2024 22:52
General
-
Target
payload.exe
-
Size
7KB
-
MD5
26dc60e5c4449a78bf6d0b83f15fb93d
-
SHA1
574ffb99b8c5a535adf66e80108e8208e5eb249e
-
SHA256
a7ad0b33bf09c8987d026a9e9dbc04fd124ec5a61ed9c6726224c6f99a82bdb4
-
SHA512
953fc582734b20eaf8bb8269743d977e73147099fe0c8840394166982b9c46e04d0254c03914edf55a24e7d601a65d474523b52d30cc6efdd1cb42c68132b9f7
-
SSDEEP
24:eFGStrJ9u0/6N1nZdkBQAVv1YLYKZqXeNDMSCvOXpmB:is001kBQYqLY1SD9C2kB
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
metasploit_stager
C2
192.168.88.128:4444
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Drops file in Windows directory 2 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\payload.exe"C:\Users\Admin\AppData\Local\Temp\payload.exe"1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/424-0-0x0000000140000000-0x0000000140004278-memory.dmpFilesize
16KB