Analysis
-
max time kernel
92s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
28-05-2024 16:01
General
-
Target
b77f3cc05093b680198f0ccb7612f4435e6e9fff02163fb41e9a371cc8b6c077.dll
-
Size
9KB
-
MD5
8e17c1a803e783fa27d146cbe2305465
-
SHA1
51092efbca4432c240dc25c9904bf6e197481050
-
SHA256
b77f3cc05093b680198f0ccb7612f4435e6e9fff02163fb41e9a371cc8b6c077
-
SHA512
bdb732c5502ad399aa3b71a10cd994aa83e050e3c723bc9f008721842cf1b0c35f281dd01ff4742d147e4fc459e39e13efe54652d563fc029064f0f4abd5d4d2
-
SSDEEP
48:q0r+l6O5aXyn/hNhx4/jC/VuJoEpIEq185pI732Zr4yb0E:dX0gJIvypamZk
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/download_exec
C2
http://8.141.95.164:48049/MiZL
Attributes
- headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENXA)
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b77f3cc05093b680198f0ccb7612f4435e6e9fff02163fb41e9a371cc8b6c077.dll,#11⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exerundll32.exe2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4908-0-0x000001B885AA0000-0x000001B885AA1000-memory.dmpFilesize
4KB