Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26-09-2024 07:53
General
-
Target
690fd04e6cf87c0515ab399c6cc6838605b6639d32fbcf5b8459520095cde18bN.exe
-
Size
72KB
-
MD5
d33de6644257be8a3c6120f529a2a160
-
SHA1
b27c53fd5e26e45f7bded152808098aaf6d316c3
-
SHA256
690fd04e6cf87c0515ab399c6cc6838605b6639d32fbcf5b8459520095cde18b
-
SHA512
163f86701a8b415510be1daea49f58b50ca892ac3427809460e4f915f46577fd82fffecf51c30ce88930a6a63d2d1f57e4b8e6e52aba55659ec1f4d641820943
-
SSDEEP
1536:IaoLSqQCkbpEziCotLk3nODryMb+KR0Nc8QsJq39:LESBCkbpEzyWnOXye0Nc8QsC9
Malware Config
Extracted
metasploit
windows/reverse_winhttp
https://45.202.35.107:1108/5UuhWAjFMkJz4HLhFQtd-Qkpk9Z_gURwDpNS8SlHxsu_WujeICZzG4OGTpQ9LNJ_uu47F0MihL_3rwtMZom5cv2NDqy4mlmljoCje8CV4ngqwYFY93uzV8Kwlr_20Ld-3-YjIR1uJnebRV4CwxACE_XONh4_fLWoQ6bJR6TSzCuXvcRcotCsKs
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\690fd04e6cf87c0515ab399c6cc6838605b6639d32fbcf5b8459520095cde18bN.exe"C:\Users\Admin\AppData\Local\Temp\690fd04e6cf87c0515ab399c6cc6838605b6639d32fbcf5b8459520095cde18bN.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB