Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
16-05-2024 14:12
Static task
static1
Behavioral task
behavioral1
Sample
level0.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
level0.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
level1.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
level1.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
level2.exe
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
level2.exe
Resource
win10v2004-20240508-en
General
-
Target
level0.exe
-
Size
12.2MB
-
MD5
f9f0a80d33560d81f5d26938d1571e52
-
SHA1
d493ad026b8ad0b11822acd807ed8b4471af712c
-
SHA256
24a73f79cd0dc350f85c9f11a0ce6b97963b3f7191c09e29959f08819140caef
-
SHA512
7a4be5d34ada64955d5cc9c5a13fd614860bb23e657180f239df4400a8cabd254b2afb58d4945c041192f118fcaef3582c17689133a57554eb73461fa34d18c3
-
SSDEEP
196608:xwdXfHnmfdf0r/acj5a6m9oZOujWBLKOiGaz33:WdPGfdf0vHZOujgobzH
Malware Config
Extracted
metasploit
metasploit_stager
192.168.122.1:31337
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
level0.exepid process 2216 level0.exe 2216 level0.exe -
Suspicious use of WriteProcessMemory 1 IoCs
Processes:
level0.exedescription pid process target process PID 2216 wrote to memory of 1080 2216 level0.exe taskhost.exe