Analysis
-
max time kernel
92s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
11-05-2024 04:37
Static task
static1
Behavioral task
behavioral1
Sample
bb9e514a09715b3c0f8afde18a74d88e618eb4eea8b4d3031882032e423954e2.exe
Resource
win10v2004-20240508-en
General
-
Target
bb9e514a09715b3c0f8afde18a74d88e618eb4eea8b4d3031882032e423954e2.exe
-
Size
69KB
-
MD5
3c92e36dbf5ff1a5a4754da11b932306
-
SHA1
1385e804ab96adad64c8bb6f777db0b158611f61
-
SHA256
bb9e514a09715b3c0f8afde18a74d88e618eb4eea8b4d3031882032e423954e2
-
SHA512
bddefd556e0c8fc8bed4f284a89e4c2f65b6f194e20725c137407f20f73f4f6cac52906a94ab33068857692d7d8ebbf660c42bf6539b48c8012bc781b29211d3
-
SSDEEP
768:ZIcdcQY/sQskPu+58oskuJmbYhEEuO5bQlUtNK/WuKhzCna5yPS:Z6K8SosBJVbQ+yk5yP
Malware Config
Extracted
metasploit
windows/download_exec
http://arress.windowshostnamehost.club:8585/kF2y
- headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 4128 3508 WerFault.exe bb9e514a09715b3c0f8afde18a74d88e618eb4eea8b4d3031882032e423954e2.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\bb9e514a09715b3c0f8afde18a74d88e618eb4eea8b4d3031882032e423954e2.exe"C:\Users\Admin\AppData\Local\Temp\bb9e514a09715b3c0f8afde18a74d88e618eb4eea8b4d3031882032e423954e2.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 12442⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3508 -ip 35081⤵