Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-06-2024 01:20

General

  • Target

    c2b8512055bcd2b94f235a56c6add1914d92a2fc78c5cb7c942d3c4496263a68.exe

  • Size

    82KB

  • MD5

    a1c984415c2aefd5b01be2caac70dca7

  • SHA1

    372feb5ba12779df7360692455cfd6cc28392908

  • SHA256

    c2b8512055bcd2b94f235a56c6add1914d92a2fc78c5cb7c942d3c4496263a68

  • SHA512

    ee5724dba64299d7fa346910d31aa1e9cd3f2fdb80dae77420d2a27b538314a54d4154f687800cec2828cb60167546b1f6e1d47da670d76385bbc83eee359cfe

  • SSDEEP

    1536:ImRlHYhdhL2aVf28d7a28WCywUwSKMb+KR0Nc8QsJq3S7yxsW:hmdhiaVfq28DUKe0Nc8QsCSA

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_winhttp

C2

https://45.76.55.148/_uecRF-rE1mCi4OK52eXyA9-i2584cVh-QxIL

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c2b8512055bcd2b94f235a56c6add1914d92a2fc78c5cb7c942d3c4496263a68.exe
    "C:\Users\Admin\AppData\Local\Temp\c2b8512055bcd2b94f235a56c6add1914d92a2fc78c5cb7c942d3c4496263a68.exe"
    1⤵
      PID:1972
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5080 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:3900

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1972-0-0x0000000000560000-0x0000000000561000-memory.dmp

        Filesize

        4KB