Analysis Overview
SHA256
ba95df53f2ab61b18fbd7d0b733ed3d7d13c581ac31cb6764becea91710acf0a
Threat Level: Known bad
The file 40900236b129f005e843dcc5d65917a0.exe was found to be: Known bad.
Malicious Activity Summary
Metasploit family
MetaSploit
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-07-06 04:23
Signatures
Metasploit family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-06 04:23
Reported
2024-07-06 04:26
Platform
win7-20240704-en
Max time kernel
148s
Max time network
154s
Command Line
Signatures
MetaSploit
Processes
C:\Users\Admin\AppData\Local\Temp\40900236b129f005e843dcc5d65917a0.exe
"C:\Users\Admin\AppData\Local\Temp\40900236b129f005e843dcc5d65917a0.exe"
Network
| Country | Destination | Domain | Proto |
| GB | 51.194.142.232:43708 | tcp |
Files
memory/2548-0-0x0000000000020000-0x0000000000021000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-06 04:23
Reported
2024-07-06 04:26
Platform
win10v2004-20240704-en
Max time kernel
147s
Max time network
152s
Command Line
Signatures
MetaSploit
Processes
C:\Users\Admin\AppData\Local\Temp\40900236b129f005e843dcc5d65917a0.exe
"C:\Users\Admin\AppData\Local\Temp\40900236b129f005e843dcc5d65917a0.exe"
Network
| Country | Destination | Domain | Proto |
| GB | 51.194.142.232:43708 | tcp | |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
memory/5116-0-0x00000000004A0000-0x00000000004A1000-memory.dmp