Analysis Overview
SHA256
ed14a8886c207595360dbc904914f5113a656951d9aafc748d56d0e9b8f70742
Threat Level: Known bad
The file ed14a8886c207595360dbc904914f5113a656951d9aafc748d56d0e9b8f70742 was found to be: Known bad.
Malicious Activity Summary
Metasploit family
MetaSploit
UPX packed file
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-07-04 06:16
Signatures
Metasploit family
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-04 06:16
Reported
2024-07-04 06:18
Platform
win10v2004-20240508-en
Max time kernel
125s
Max time network
126s
Command Line
Signatures
MetaSploit
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ed14a8886c207595360dbc904914f5113a656951d9aafc748d56d0e9b8f70742.exe
"C:\Users\Admin\AppData\Local\Temp\ed14a8886c207595360dbc904914f5113a656951d9aafc748d56d0e9b8f70742.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3416,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4088 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| GB | 89.197.154.116:7810 | tcp | |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| GB | 89.197.154.116:7810 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| GB | 89.197.154.116:7810 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| GB | 89.197.154.116:7810 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| GB | 89.197.154.116:7810 | tcp | |
| GB | 89.197.154.116:7810 | tcp |
Files
memory/2412-0-0x0000000000400000-0x0000000000419000-memory.dmp
memory/2412-1-0x0000000000670000-0x0000000000671000-memory.dmp
memory/2412-2-0x0000000000400000-0x0000000000419000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-04 06:16
Reported
2024-07-04 06:18
Platform
win11-20240611-en
Max time kernel
146s
Max time network
152s
Command Line
Signatures
MetaSploit
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ed14a8886c207595360dbc904914f5113a656951d9aafc748d56d0e9b8f70742.exe
"C:\Users\Admin\AppData\Local\Temp\ed14a8886c207595360dbc904914f5113a656951d9aafc748d56d0e9b8f70742.exe"
Network
| Country | Destination | Domain | Proto |
| GB | 89.197.154.116:7810 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| GB | 89.197.154.116:7810 | tcp | |
| NL | 52.111.243.30:443 | tcp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
memory/2512-0-0x0000000000400000-0x0000000000419000-memory.dmp
memory/2512-1-0x00000000005C0000-0x00000000005C1000-memory.dmp
memory/2512-2-0x0000000000400000-0x0000000000419000-memory.dmp