Analysis
-
max time kernel
105s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
17-09-2024 22:06
Behavioral task
behavioral1
Sample
6c5c2ea6c56d1adf5b181cf159e01b655529681161897bd48cef0d2ee936c8e5N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
6c5c2ea6c56d1adf5b181cf159e01b655529681161897bd48cef0d2ee936c8e5N.exe
Resource
win10v2004-20240802-en
General
-
Target
6c5c2ea6c56d1adf5b181cf159e01b655529681161897bd48cef0d2ee936c8e5N.exe
-
Size
72KB
-
MD5
c5d21f776b920a042fcf0bbd9a25d870
-
SHA1
c226140377e7310936de1a5e105905941417136f
-
SHA256
6c5c2ea6c56d1adf5b181cf159e01b655529681161897bd48cef0d2ee936c8e5
-
SHA512
a19e7d2ccea639fd6a9df90b57aedf91ffc9854939e918bd3d2bab7eab9d31dd078fbfb20bf47cdabb541273384dc97e45cb5f8fd69fa7b93a35b99fbffff7a3
-
SSDEEP
1536:InOphoSuU8rab4gUOS39g6eqMb+KR0Nc8QsJq39:eOHou8V5O+9g63e0Nc8QsC9
Malware Config
Extracted
metasploit
windows/reverse_tcp
128.5.58.136:52418
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 6c5c2ea6c56d1adf5b181cf159e01b655529681161897bd48cef0d2ee936c8e5N.exe
Processes
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request67.31.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request149.220.183.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request183.59.114.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.214.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request48.229.111.52.in-addr.arpaIN PTRResponse
-
132 B 90 B 2 1
DNS Request
8.8.8.8.in-addr.arpa
DNS Request
8.8.8.8.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
67.31.126.40.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
149.220.183.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
183.59.114.20.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.214.232.199.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
48.229.111.52.in-addr.arpa