Analysis
max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted
01-06-2024 12:32
Behavioral task
behavioral1
Sample
07ca48a9d7ceb7adb279e6df61eed9a369e50718adf4560f08368a1d17cf5c3a.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
07ca48a9d7ceb7adb279e6df61eed9a369e50718adf4560f08368a1d17cf5c3a.exe
Resource
win10v2004-20240508-en
General
-
Target
07ca48a9d7ceb7adb279e6df61eed9a369e50718adf4560f08368a1d17cf5c3a.exe
-
Size
5.4MB
-
MD5
70f4a63fcbcc57812ba5cfcb4175df79
-
SHA1
87a8502693a47f504cde4a3f3cd796d8472eee13
-
SHA256
07ca48a9d7ceb7adb279e6df61eed9a369e50718adf4560f08368a1d17cf5c3a
-
SHA512
20f29cd3066339630c5c10ec946d3f3d956acbf9623edba1b4a7d6941feb29e804f39ddeff7be97587c61816c848e87c407c2e9bd35b9c0c3c9f1845ac226a53
-
SSDEEP
98304:vCF+OIyoWoZh1i0hUNfHBiCV2HW/E9C0hUNfHBiCV2HvNX/:8+OIynoojNIKEEjNYB
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Loads dropped DLL 1 IoCs
Processes:
pid   process
2576  07ca48a9d7ceb7adb279e6df61eed9a369e50718adf4560f08368a1d17cf5c3a.exe
Program crash 2 IoCs
Processes:
pid   pid_target  process       target process
5036  2576        WerFault.exe  07ca48a9d7ceb7adb279e6df61eed9a369e50718adf4560f08368a1d17cf5c3a.exe
2372  2576        WerFault.exe  07ca48a9d7ceb7adb279e6df61eed9a369e50718adf4560f08368a1d17cf5c3a.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\07ca48a9d7ceb7adb279e6df61eed9a369e50718adf4560f08368a1d17cf5c3a.exe
"C:\Users\Admin\AppData\Local\Temp\07ca48a9d7ceb7adb279e6df61eed9a369e50718adf4560f08368a1d17cf5c3a.exe"
- Loads dropped DLL
  -
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 552
  - Program crash
  -
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 1064
  - Program crash
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2576 -ip 2576
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2576 -ip 2576
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
Filesize
67KB
MD5
7d5d3e2fcfa5ff53f5ae075ed4327b18
SHA1
3905104d8f7ba88b3b34f4997f3948b3183953f6
SHA256
e1fb95609f2757ce74cb531a5cf59674e411ea0a262b758371d7236c191910c4
SHA512
e67683331bb32ea4b2c38405be7f516db6935f883a1e4ae02a1700f5f36462c31b593e07c6fe06d8c0cb1c20c9f40a507c9eae245667c89f989e32765a89f589
-
memory/2576-0-0x0000000000400000-0x0000000000981094-memory.dmp
Filesize
5.5MB
-
memory/2576-13-0x0000000004440000-0x0000000004450000-memory.dmp
Filesize
64KB
-
memory/2576-14-0x0000000000400000-0x0000000000981094-memory.dmp
Filesize
5.5MB