Analysis
-
max time kernel
105s -
max time network
116s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system -
submitted
10-11-2024 12:17
Behavioral task
behavioral1
Sample
9323afcb8b09c25a6e0a71d4a51677b353f6d08836ee72720be8bf4ccd738736N.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
9323afcb8b09c25a6e0a71d4a51677b353f6d08836ee72720be8bf4ccd738736N.exe
Resource
win10v2004-20241007-en
General
-
Target
9323afcb8b09c25a6e0a71d4a51677b353f6d08836ee72720be8bf4ccd738736N.exe
-
Size
72KB
-
MD5
8710e790067118e9b192c75feb7cc520
-
SHA1
e52a0482be52f3416c419a9c163565bd871e4d53
-
SHA256
9323afcb8b09c25a6e0a71d4a51677b353f6d08836ee72720be8bf4ccd738736
-
SHA512
c4a349922d1c9f27ca6efbb264065139d60e4a30016bd22ad30d7c770b8fe71ec7f8d61508a26e09202e0dbfe88becba194706e6846407c92650d8500c7884a8
-
SSDEEP
1536:ICD4XECdo8MzY7XqLQNpGHpBg3PXSeiDMb+KR0Nc8QsJq39:tD4XdHZr0QNpup6vme0Nc8QsC9
Malware Config
Extracted
metasploit
windows/reverse_tcp
192.168.56.105:2423
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
9323afcb8b09c25a6e0a71d4a51677b353f6d08836ee72720be8bf4ccd738736N.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 9323afcb8b09c25a6e0a71d4a51677b353f6d08836ee72720be8bf4ccd738736N.exe