Behavioral task: behavioral1
Sample: d8c28440ab246e57034aab5a606a8deb29299f0eec3c4bb8c064116b8436b387.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: d8c28440ab246e57034aab5a606a8deb29299f0eec3c4bb8c064116b8436b387.exe
Resource: win10v2004-20240611-en
General
Target: d8c28440ab246e57034aab5a606a8deb29299f0eec3c4bb8c064116b8436b387
Size: 7KB
MD5: 42cac5fa03a4cacddc8e4e6ebcb78dbb
SHA1: 9013f5e3f261306f1f0921ba81b98437f5a4354c
SHA256: d8c28440ab246e57034aab5a606a8deb29299f0eec3c4bb8c064116b8436b387
SHA512: 31ab577baf7c18fe36e94a8d7a833ab9b298176ee5759e821bafd89587760050bda31a866e58edba8b9ca002c473d19d4d52f3845e28007f20295177d278b473
SSDEEP: 24:eFGStrJ9u0/6SbnZdkBQAVD6WY+rKZqfIeNDMSCvOXpmB:is0rHkBQyi+rqSD9C2kB
Malware Config
Extracted
metasploit
metasploit_stager
192.168.56.144:1234
Signatures
Metasploit family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource d8c28440ab246e57034aab5a606a8deb29299f0eec3c4bb8c064116b8436b387
Files
d8c28440ab246e57034aab5a606a8deb29299f0eec3c4bb8c064116b8436b387.exe windows:4 windows x64 arch:x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32:
  VirtualAlloc
  ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.ljrr Size: 1024B - Virtual size: 632B
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE