General
-
Target
a8b762aa834d9a388b67962f80b161238a3c1194025daecf028aaa3d6e5a3a56
-
Size
41KB
-
Sample
240624-zt2ajsvhjr
-
MD5
cd9077322a081864b40900c91975d1af
-
SHA1
bbcf7503354f2a53ce412a7ba32e7a8f96139515
-
SHA256
a8b762aa834d9a388b67962f80b161238a3c1194025daecf028aaa3d6e5a3a56
-
SHA512
b3c47af8212113bfa022ba720be74a643fa2818a77517c98c1137b0b2ee79c039191ef6a54a1da55a923effd73df56206f297f7946f4aa657862466de19fb7d9
-
SSDEEP
384:RyiSwvxjk+tzQPZNy9WhgCTB/a4+dpCPlIZM0jrBPsttbLdfL:R1xw+teNy9WPX+dpCPquQPsjLdfL
Behavioral task
behavioral1
Sample
a8b762aa834d9a388b67962f80b161238a3c1194025daecf028aaa3d6e5a3a56.doc
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a8b762aa834d9a388b67962f80b161238a3c1194025daecf028aaa3d6e5a3a56.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
windows/reverse_http
http://10.10.100.200:443/JgxXsczWxFH9JPwlm11JegtEaHAmKhpZkJEdb9KlcDTnoai0LvID7QMmgM7AfOqswEUQerQPvIFS2NgAA-aYqqJpFgjVjDxtp53BWswAXYX-r7sZEq9XMfPZ1WEgOYZh_F0m5I5KKOd9a_2qQZYu8Svx-SFG1ocJgOKVjMbZGsfIj-dzal9xKOyXzuM-9vwW8uOEm4
Targets
-
-
Target
a8b762aa834d9a388b67962f80b161238a3c1194025daecf028aaa3d6e5a3a56
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-