Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
18-09-2024 00:15
Behavioral task
behavioral1
Sample
a7ccfed0cb52327e902d946d515e15f077a6c75951bed0f53d82e8ac1171dda8.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
a7ccfed0cb52327e902d946d515e15f077a6c75951bed0f53d82e8ac1171dda8.exe
Resource
win10v2004-20240802-en
General
-
Target
a7ccfed0cb52327e902d946d515e15f077a6c75951bed0f53d82e8ac1171dda8.exe
-
Size
72KB
-
MD5
5c71c4931add96e7035a7272ed0bb6b5
-
SHA1
15a00ed88624167ffb6581f1b8260ab1847da6fd
-
SHA256
a7ccfed0cb52327e902d946d515e15f077a6c75951bed0f53d82e8ac1171dda8
-
SHA512
6afb1b8337916ceac703db530ad9fca0387b8170f4f112aaa0c6d2fe0dc698f8ead10ce8d2766b74cd8124652f59b9a01d260e110c39f643baaf8d6346557388
-
SSDEEP
1536:I8iWivPikYWBE2CxJpAt+yuR8BzfmHab99Mb+KR0Nc8QsJq39:ZjivPWtBxg+mBjbbe0Nc8QsC9
Malware Config
Extracted
metasploit
windows/reverse_tcp
192.168.100.19:4444
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a7ccfed0cb52327e902d946d515e15f077a6c75951bed0f53d82e8ac1171dda8.exe