General
-
Target
d1763e66be583b16818a92a0e606239cfec2145367c131dc19c8a2319a580b84
-
Size
128KB
-
Sample
240624-k326wavbmc
-
MD5
e1d8dd596c6dff4e25318cae6fab2345
-
SHA1
b9d1e789344bff82cf18e067bd135db2e18e6ab4
-
SHA256
d1763e66be583b16818a92a0e606239cfec2145367c131dc19c8a2319a580b84
-
SHA512
a889fce27e4e773a036c3fe48ec9efb879d7f24e32c99fa3120d3bbdbec3eeb92c3ea7b5a30ad2b3063b673cafea72070b89da91d97bda31ec1e4621e3356046
-
SSDEEP
3072:YU11uWWWWUaaarkuIpi8WP63S+o6qH8QjUDDdofYRxYv0sSpMU4HBE:D1/08wMSWqcaUeSh4H
Static task
static1
Behavioral task
behavioral1
Sample
d1763e66be583b16818a92a0e606239cfec2145367c131dc19c8a2319a580b84.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
d1763e66be583b16818a92a0e606239cfec2145367c131dc19c8a2319a580b84.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
d1763e66be583b16818a92a0e606239cfec2145367c131dc19c8a2319a580b84
-
Size
128KB
-
MD5
e1d8dd596c6dff4e25318cae6fab2345
-
SHA1
b9d1e789344bff82cf18e067bd135db2e18e6ab4
-
SHA256
d1763e66be583b16818a92a0e606239cfec2145367c131dc19c8a2319a580b84
-
SHA512
a889fce27e4e773a036c3fe48ec9efb879d7f24e32c99fa3120d3bbdbec3eeb92c3ea7b5a30ad2b3063b673cafea72070b89da91d97bda31ec1e4621e3356046
-
SSDEEP
3072:YU11uWWWWUaaarkuIpi8WP63S+o6qH8QjUDDdofYRxYv0sSpMU4HBE:D1/08wMSWqcaUeSh4H
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-