Analysis
-
max time kernel
92s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
26-09-2024 13:51
General
-
Target
391d3a896bf72beead63e402a25ca18bf91da010227dd23a8c47fbbe9e9858ad.exe
-
Size
648KB
-
MD5
d7c3740c910c9da4e384b81683769654
-
SHA1
b6f3df28d075bab25e4836c770ec5df05efd8873
-
SHA256
391d3a896bf72beead63e402a25ca18bf91da010227dd23a8c47fbbe9e9858ad
-
SHA512
7b2bb823d2c37b62b6258fcd0a8f6d51c63f5102e6112b7498b295acdc8651a5e8a3f2d6415861bb09537277bfb17479e524757ec97cf9516e52729f2e65cce2
-
SSDEEP
12288:jlvDmpRKMBnljdL6RfTDrbz8v09t7dQNAVteW7odM87rCsn88g:jlbgKMBnnL6JTDrH00v7QAqW7U/v1
Malware Config
Extracted
metasploit
windows/download_exec
http://192.168.64.134:80/bfJJ
- headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\391d3a896bf72beead63e402a25ca18bf91da010227dd23a8c47fbbe9e9858ad.exe"C:\Users\Admin\AppData\Local\Temp\391d3a896bf72beead63e402a25ca18bf91da010227dd23a8c47fbbe9e9858ad.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB