Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
11-06-2024 01:17
General
-
Target
5efab529c30f2571bbb2c3d093898cdf296878dd330afc7dfd68bf86c53b7dae.dll
-
Size
8KB
-
MD5
43296c4ac197f6feae234bb99e90ad57
-
SHA1
6fe1b66534e85db1e8825b6b7cb9ee9fb621cfbd
-
SHA256
5efab529c30f2571bbb2c3d093898cdf296878dd330afc7dfd68bf86c53b7dae
-
SHA512
944bdf639a907689804557d50f3d3d7f69edc02f4a08cbc952397753527cfd716613286af763cfe5834faaddce14812daeb7ed3ae5a63feaee4ed7627cedb701
-
SSDEEP
48:qUr3zU9G4aNVhnX5hthMt6dO54WTJ7d5b:+DIi59J7
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/reverse_tcp
C2
172.105.66.118:8080
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Blocklisted process makes network request 10 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5efab529c30f2571bbb2c3d093898cdf296878dd330afc7dfd68bf86c53b7dae.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\5efab529c30f2571bbb2c3d093898cdf296878dd330afc7dfd68bf86c53b7dae.dll,#12⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe3⤵
- Blocklisted process makes network request
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB