Analysis
-
max time kernel
144s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
11-11-2024 22:25
General
-
Target
5230a9c1f5c87b1a52c4423dc0ca5f76e99375f8d1a6f896882760ccaf1574ee.exe
-
Size
72KB
-
MD5
b039a0459935f7b4f79cace0bae5154e
-
SHA1
554a050d9d5ea70029da7ddcb82f3fd2df486113
-
SHA256
5230a9c1f5c87b1a52c4423dc0ca5f76e99375f8d1a6f896882760ccaf1574ee
-
SHA512
e079cdcc8fc1026805d5dd39c041254c427ea291129756752713ba0c479b15da6f3e70dfac82d6b468ff4287f1681eb2e649029ea4f060770881de2903b2b38d
-
SSDEEP
1536:I0gEcGnWtxIZAXd7rgZEf7IKUKuMb+KR0Nc8QsJq39:NOQKd7Eace0Nc8QsC9
Malware Config
Extracted
metasploit
windows/reverse_http
http://192.168.1.44:443/kLFcLZPZbfeBt4C25pjKagnJErXVBOcNvIi2TgCwRcvwtQ6Ov_kfLFyjUHMHkPLO5LOcywWOdSPyB1rVFm4fOmb1jfiDyA-Hl8FJ9h2ya_QoZn6iCBWETicTybP-c05NqBfEjdvQlQsyUWyDlUjGChwxMc7IlN-lxPb0vMizV-PY8k-QXCo1D2jtv1WjM4Q4RZSuxaZoia8pDc7MB1tYhPgs7eIu3sTV7XNrhfsIIGs4kFk5EX
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\5230a9c1f5c87b1a52c4423dc0ca5f76e99375f8d1a6f896882760ccaf1574ee.exe"C:\Users\Admin\AppData\Local\Temp\5230a9c1f5c87b1a52c4423dc0ca5f76e99375f8d1a6f896882760ccaf1574ee.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB