Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    18/09/2024, 21:11

General

  • Target

    48b5af9b40c9d14eaf91167fa6142c56fe7909db150acf3cd01dbc67be394dbc.exe

  • Size

    72KB

  • MD5

    73d73c024fe835926456bf9b3e319202

  • SHA1

    12a217e0ee1c614aaddc3270f7a99660c1dbfa7c

  • SHA256

    48b5af9b40c9d14eaf91167fa6142c56fe7909db150acf3cd01dbc67be394dbc

  • SHA512

    61ea4b430ef86811ceb89aa562e1f5477ec3fa521e0dd8dd72ba2480f5af00d1071a1d71c0619c8500200f5130eec3649b57d23c49b605d9d0b28e6e3712bea8

  • SSDEEP

    1536:I3waaML8Fpsfcnz5P5Fbc0ylfCkMb+KR0Nc8QsJq39:5aaq8wm5PPiCke0Nc8QsC9

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\48b5af9b40c9d14eaf91167fa6142c56fe7909db150acf3cd01dbc67be394dbc.exe
    "C:\Users\Admin\AppData\Local\Temp\48b5af9b40c9d14eaf91167fa6142c56fe7909db150acf3cd01dbc67be394dbc.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/388-0-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB