Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
23-06-2024 01:04
Static task
static1
Behavioral task
behavioral1
Sample
2c23ebfdae563e676de0f80ed5277ef022dcf6b8d1a6c612162d182658ba628d.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2c23ebfdae563e676de0f80ed5277ef022dcf6b8d1a6c612162d182658ba628d.exe
Resource
win10v2004-20240508-en
General
-
Target
2c23ebfdae563e676de0f80ed5277ef022dcf6b8d1a6c612162d182658ba628d.exe
-
Size
8.5MB
-
MD5
ae2c512f485e93e67d8addbad8688890
-
SHA1
375bcec9ad095f039ea8cbb22b558b0a3749c9e8
-
SHA256
2c23ebfdae563e676de0f80ed5277ef022dcf6b8d1a6c612162d182658ba628d
-
SHA512
eb8661fac9f83a8f597ac777f82cd082035ca6c540af9e2ab9cff5c4213f5b1ae7eb4d7b174886e14377664e2c17dcd58327dfd9ead241692ad0ffd614a0320e
-
SSDEEP
196608:lL8uVdZwZKkc5HKu5h44azrnnopUcC8l7qjc9ZFnozOc7FkBv:l7VdZw7cM8yprnbcr7qI9ZrcQ
Malware Config
Extracted
metasploit
windows/reverse_winhttp
https://103.43.18.230/_-4iC1Ai554cFh0Xek-AugfMDAGzX3T_TPxLGmdPUIvKmkBC9Xu1smNmqYoUDvu-7A6cZl_LyfJKf2TMOqk-__
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
2c23ebfdae563e676de0f80ed5277ef022dcf6b8d1a6c612162d182658ba628d.exepid process 1868 2c23ebfdae563e676de0f80ed5277ef022dcf6b8d1a6c612162d182658ba628d.exe