Analysis

  • max time kernel
    64s
  • max time network
    66s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-09-2024 18:33

General

  • Target

    Trojan.Win32.Swrort.exe

  • Size

    648KB

  • MD5

    cdd15e789fb08ba75454354c1591ac10

  • SHA1

    0a51bfde3d79972472cdbb2a4205074544ef7203

  • SHA256

    e29bd0f5260aeff2aa6c981358820702d3dd84194bc8df1696864973c2770ec1

  • SHA512

    a8346f4fb14b31e75bfeb2d6728864bc34cb1273a785b4e5de286b9716da681002b3c15ea85dcfdf1bd59cd2b0d066eb26baf0ce3291feebc169d8d7acf6eef4

  • SSDEEP

    12288:X2Hl/LW8WanB1q7XVMJe8UbBVAR4qfZNuG9qU6Ako9d7rCs4UA8g:X2H5LuanB1alMJlUbY3fCG9YAk0/xB

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://8.219.137.92:80/y6He

Attributes
  • headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Trojan.Win32.Swrort.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Trojan.Win32.Swrort.exe"
    PID: 2316
    • System Location Discovery: System Language Discovery

Network

  • 8.219.137.92:80
    Trojan.Win32.Swrort.exe
    152 B
    120 B
    3
    3

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2316-0-0x00000000000C0000-0x00000000000C1000-memory.dmp

    Filesize

    4KB
