Analysis

  • max time kernel
    47s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/09/2024, 04:37 UTC

General

  • Target

    NoThreatDetected-f0b2eb09d88f9d304deaca945014ebe29f21bf4a5131313b25f24e7e2d77a798N.exe

  • Size

    1.3MB

  • MD5

    f2b927610eb6fa73f65b4ba3af345580

  • SHA1

    de5cefcff65b43b1b107c85b9f80c03aea7b2022

  • SHA256

    f0b2eb09d88f9d304deaca945014ebe29f21bf4a5131313b25f24e7e2d77a798

  • SHA512

    4faace657a2012ef7c5c0f393ea54a46214910f4b993373397a6131f3e3c6df62b6ca7b341a24598159095582c69a7ebefec99e2ffedf677775cd17f86f3a07c

  • SSDEEP

    24576:k5lRMo0yiwcNRfdSKG95aqXzK/ekq3in+sayZ10AeCJTC+LzRhmxv3nO:kCdSKG/73inFeCnzMv3nO

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://192.168.19.83:4443/jquery-3.3.1.slim.min.js

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\NoThreatDetected-f0b2eb09d88f9d304deaca945014ebe29f21bf4a5131313b25f24e7e2d77a798N.exe
    "C:\Users\Admin\AppData\Local\Temp\NoThreatDetected-f0b2eb09d88f9d304deaca945014ebe29f21bf4a5131313b25f24e7e2d77a798N.exe"
    • System Location Discovery: System Language Discovery
    PID: 2324

Network

    No results found
  • 192.168.19.83:4443
    NoThreatDetected-f0b2eb09d88f9d304deaca945014ebe29f21bf4a5131313b25f24e7e2d77a798N.exe
    152 B
    3
  • 192.168.19.83:4443
    NoThreatDetected-f0b2eb09d88f9d304deaca945014ebe29f21bf4a5131313b25f24e7e2d77a798N.exe
    152 B
    3
No results found

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2324-0-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB
