General
Target: 11f5c23d7c4dee2e17b5a706afc5b1af4d4881339df716cc69613065cb489268
Size: 40KB
Sample: 240624-zvv5xsvhlm
MD5: b5c848c43e9f4b7dec70a6f9fca06d64
SHA1: ef62e391352d8626fa005bd98bf90d62ed3b61e8
SHA256: 11f5c23d7c4dee2e17b5a706afc5b1af4d4881339df716cc69613065cb489268
SHA512: c008b1f82c0fe07763d2d434da9ff510fe0b1685f287ec091deda5b42ed764c43499c0309c729294f23fcf2e573240eb7769b618daa1e4ff01d41e58ff1171c9
SSDEEP: 384:fyiSwvxjk+tzMVFF8/AFW+7o5TRKkdpCPlIy0jECt7/+Ld:f1xw+t+Fq/A3kdpCPqyjVLd
Behavioral task: behavioral1
Sample: 11f5c23d7c4dee2e17b5a706afc5b1af4d4881339df716cc69613065cb489268.doc
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 11f5c23d7c4dee2e17b5a706afc5b1af4d4881339df716cc69613065cb489268.doc
Resource: win10v2004-20240611-en
Malware Config
Extracted
metasploit
windows/reverse_http
http://10.10.100.200:443/JgxXsczWxFH9JPwlm11JegtEaHAmKhpZkJEdb9KlcDTnoai0LvID7QMmgM7AfOqswEUQerQPvIFS2NgAA-aYqqJpFgjVjDxtp53BWswAXYX-r7sZEq9XMfPZ1WEgOYZh_F0m5I5KKOd9a_2qQZYu8Svx-SFG1ocJgOKVjMbZGsfIj-dzal9xKOyXzuM-9vwW8uOEm4
Targets
Target: 11f5c23d7c4dee2e17b5a706afc5b1af4d4881339df716cc69613065cb489268
Score: 10/10
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.