Analysis
-
max time kernel
117s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system -
submitted
22-05-2024 08:17
Behavioral task
behavioral1
Sample
1662578518d37c601c01c92b4d990a49e6f8e9341bea0f4d5a7c29385f0a84cf.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
1662578518d37c601c01c92b4d990a49e6f8e9341bea0f4d5a7c29385f0a84cf.exe
Resource
win10v2004-20240508-en
General
-
Target
1662578518d37c601c01c92b4d990a49e6f8e9341bea0f4d5a7c29385f0a84cf.exe
-
Size
50KB
-
MD5
b8629e8ca124745bce47e47bb6860e96
-
SHA1
e7ea39e290ccd3da0c04a655f7f74ebde21b7ee3
-
SHA256
1662578518d37c601c01c92b4d990a49e6f8e9341bea0f4d5a7c29385f0a84cf
-
SHA512
ae2e541068b42b33803ea4514d2b6fb5749ddf8a87287eaed314081e8618399e57c83284499692bd115939eb5a9e0065c7ec0b3d9e5976b807632a1769de6653
-
SSDEEP
768:LjOmziYzezWcXYbd5rNy1tyLOEWerpVW/eYB+e:L2pScXk5rNy1tNEWerpVAn
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_tcp
192.168.10.138:5050
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Processes:
resource yara_rule behavioral1/memory/2972-0-0x0000000000400000-0x000000000041E000-memory.dmp upx behavioral1/memory/2972-2-0x0000000000400000-0x000000000041E000-memory.dmp upx