Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
05-11-2024 23:24
Behavioral task
behavioral1
Sample
9724a3b9cbfe7f209ffda452e8fc8e3cbfd5b7f38c5149453760868dc6aabbfeN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
9724a3b9cbfe7f209ffda452e8fc8e3cbfd5b7f38c5149453760868dc6aabbfeN.exe
Resource
win10v2004-20241007-en
General
-
Target
9724a3b9cbfe7f209ffda452e8fc8e3cbfd5b7f38c5149453760868dc6aabbfeN.exe
-
Size
898KB
-
MD5
298694c454b1b6977f4f0ee1464df800
-
SHA1
f28f8ae5350d1086475706d2f2dbe6c18d64c7da
-
SHA256
9724a3b9cbfe7f209ffda452e8fc8e3cbfd5b7f38c5149453760868dc6aabbfe
-
SHA512
df45d0bf74ef29aaaedf441206d574c9b95255b8523c288c3bb0216b08856bcf38a78a299dba13e8918e027a3d9bde478e3e7f5f5f7bad9bca7d27a902d501e6
-
SSDEEP
24576:21+hn0CHRV8uiETwwfOCxjnD/WxPds0dIZorWQ4ad50yCj2hU:V5RV8uiFpULD/WxFs0WZorn4a4yC1
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_tcp
192.168.0.7:4444
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Processes:
resource yara_rule behavioral1/memory/1868-0-0x0000000140000000-0x000000014011F000-memory.dmp upx behavioral1/memory/1868-2-0x0000000140000000-0x000000014011F000-memory.dmp upx