Analysis
-
max time kernel
110s -
max time network
115s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
07-11-2024 02:40
Static task
static1
Behavioral task
behavioral1
Sample
232e5b42c83c10d6f9085b451875ef41c18fea15c319305543359eb405b207b9N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
232e5b42c83c10d6f9085b451875ef41c18fea15c319305543359eb405b207b9N.exe
Resource
win10v2004-20241007-en
General
-
Target
232e5b42c83c10d6f9085b451875ef41c18fea15c319305543359eb405b207b9N.exe
-
Size
204KB
-
MD5
8e14b47e32f236dca99e5bf043743440
-
SHA1
d9ece7e3ac708590e19a818fc1197431314d8d21
-
SHA256
232e5b42c83c10d6f9085b451875ef41c18fea15c319305543359eb405b207b9
-
SHA512
7f631017f2a31506b9dada55ac400bfa78d77e106e63947f61c9bfc6c5da2350a6c1fae3af1db4daa1b2dbc5ae4be5ef1665de4d63ec2b5b61fc13acff8ebfe3
-
SSDEEP
3072:lVwto96+N9RHodD5z8l6Hc4z8q2fK87DiyDhZ8pFSPMmQ1f3Tv89FRYXfvWtWq3x:lVwtoRfWpUNOpsPM5jqRGetWqAXsPy
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_tcp_allports
192.168.1.109:1
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
232e5b42c83c10d6f9085b451875ef41c18fea15c319305543359eb405b207b9N.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 232e5b42c83c10d6f9085b451875ef41c18fea15c319305543359eb405b207b9N.exe