Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
10-09-2024 21:13
General
-
Target
file.exe
-
Size
72KB
-
MD5
d1ba5271cc1825702119cfd7e0232f81
-
SHA1
89515a56e8963338673fc076f0143ddd005910fe
-
SHA256
9b4013e7e8decdbe58db125765084aaaff774701c363ffbbd4f8dd24eda4fc3c
-
SHA512
88ef050d054f7c7bf847c762c34a4797e171534c769265b615cdb75246b6535c5b97e135f94431debd2cea2cd8b7fd905f08c601d3032545e7842fd04e8c0728
-
SSDEEP
1536:INi3NGdsLzuXz0jF+dhHEgCoK99KLxpMb+KR0Nc8QsJq39:OMviXmF+7HEgfKK7e0Nc8QsC9
Malware Config
Extracted
metasploit
windows/reverse_http
http://89.197.154.116:7810/sAF-Hb95OwOLTYpM7ZXwsQgEsvql3Gx6MJHfuQr8QdwRJXB7q4FYyI56qJG8zalB7qPf9Y2DgF4HohAo9zZHz5J6zulBUXtWgnGnggNFcsQikjL-e4grXzBikSLYainJD3tOK89zCOd7pp_0QdfoIKV-SRaleGy4oAkHR88EUwiPE3f6RWY6sd_-jrWrlj6IYEPUIMX_HdfnJMl8JutjGmpCb_ZVWaaX-Cv_abnB6xtSAMLOAGeP3lCuVD
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB