Analysis Overview
SHA256
19afe133f088e7f6a49a683f0f69970c9d662157e741c69b898574e972ae49c5
Threat Level: Known bad
The file 19afe133f088e7f6a49a683f0f69970c9d662157e741c69b898574e972ae49c5 was found to be: Known bad.
Malicious Activity Summary
MetaSploit
Metasploit family
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-07-04 05:55
Signatures
Metasploit family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-04 05:55
Reported
2024-07-04 05:57
Platform
win10v2004-20240611-en
Max time kernel
133s
Max time network
126s
Command Line
Signatures
MetaSploit
Processes
C:\Users\Admin\AppData\Local\Temp\19afe133f088e7f6a49a683f0f69970c9d662157e741c69b898574e972ae49c5.exe
"C:\Users\Admin\AppData\Local\Temp\19afe133f088e7f6a49a683f0f69970c9d662157e741c69b898574e972ae49c5.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4360,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| BR | 144.22.38.242:5555 | tcp | |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.38.22.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
memory/2952-0-0x0000000000870000-0x0000000000871000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-04 05:55
Reported
2024-07-04 05:57
Platform
win11-20240508-en
Max time kernel
89s
Max time network
95s
Command Line
Signatures
MetaSploit
Processes
C:\Users\Admin\AppData\Local\Temp\19afe133f088e7f6a49a683f0f69970c9d662157e741c69b898574e972ae49c5.exe
"C:\Users\Admin\AppData\Local\Temp\19afe133f088e7f6a49a683f0f69970c9d662157e741c69b898574e972ae49c5.exe"
Network
| Country | Destination | Domain | Proto |
| BR | 144.22.38.242:5555 | tcp | |
| US | 8.8.8.8:53 | 242.38.22.144.in-addr.arpa | udp |
Files
memory/4192-0-0x00000000005F0000-0x00000000005F1000-memory.dmp