Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17-05-2024 08:36
Behavioral tasks
- behavioral1: sample 077658e677f1f0b5c147eee4f900b883.exe, resource win7-20231129-en
- behavioral2: sample 077658e677f1f0b5c147eee4f900b883.exe, resource win10v2004-20240426-en
General
- Target: 077658e677f1f0b5c147eee4f900b883.exe
- Size: 11.9MB
- MD5: 077658e677f1f0b5c147eee4f900b883
- SHA1: 4fee05a41da927484bd36290c2019c923d293e0a
- SHA256: 0ea08a314a3a15097a74ecf6cd062d9574f739aa06f1a03ae99a6083e17a99d4
- SHA512: 386730c7f0a74f1c73a1959822c5ef6bac07184c308031778383f8215e0b363e473ea5231da1519171c28dcd20638c49e21d0c7419eca9f36b9d21e6597663fe
- SSDEEP: 196608:uQqEkRQLDPE50mr2puHUHNTYCsXDjDyfzdJolpPgToa10/cOMFOnJF9bEJ7BuCr7:sEkRQXcKmr2pu0tTYCEDMJ83a100OMs4
Malware Config
- Extracted: metasploit (metasploit_stager)
- Endpoint: 106.53.94.240:6000
Signatures
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Loads dropped DLL (36 IoCs): 36 events, all from 077658e677f1f0b5c147eee4f900b883.exe (PID 2696)
- Suspicious use of WriteProcessMemory (4 IoCs):
  - PID 2124 (077658e677f1f0b5c147eee4f900b883.exe) wrote to memory of PID 2696 (077658e677f1f0b5c147eee4f900b883.exe), 2 events
  - PID 2696 (077658e677f1f0b5c147eee4f900b883.exe) wrote to memory of PID 2688 (cmd.exe), 2 events
Processes
- C:\Users\Admin\AppData\Local\Temp\077658e677f1f0b5c147eee4f900b883.exe (PID 2124)
  Command line: "C:\Users\Admin\AppData\Local\Temp\077658e677f1f0b5c147eee4f900b883.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\077658e677f1f0b5c147eee4f900b883.exe (PID 2696)
    Command line: "C:\Users\Admin\AppData\Local\Temp\077658e677f1f0b5c147eee4f900b883.exe"
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    - C:\Windows\system32\cmd.exe (PID 2688)
      Command line: C:\Windows\system32\cmd.exe /c "ver"
Downloads