Analysis
-
max time kernel
104s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
11-11-2024 21:06
Behavioral task
behavioral1
Sample
a7a608476e2acfd1608a988e1dd8a6d0777ffb4789d94bf7b7e0008824a34b56N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
a7a608476e2acfd1608a988e1dd8a6d0777ffb4789d94bf7b7e0008824a34b56N.exe
Resource
win10v2004-20241007-en
General
-
Target
a7a608476e2acfd1608a988e1dd8a6d0777ffb4789d94bf7b7e0008824a34b56N.exe
-
Size
6KB
-
MD5
1df6e8787ba2380f3a0cd141961dbe90
-
SHA1
1ce55246ed057b6cb8bda03a85ede02ed9f15d71
-
SHA256
a7a608476e2acfd1608a988e1dd8a6d0777ffb4789d94bf7b7e0008824a34b56
-
SHA512
5c6a2cbb7071209fdab5a37d4d729ed8844bd10692f0e4a7475e8328869817550928a9f97d92eda2c1e3646966716351792954c4d097a8ae2122d66ffcf6dd75
-
SSDEEP
48:6Q0puCN62QRojrgmZkfVKVNMdyQPA22loVtb6OTUYxZeCOOgIypcyjStv54tdt0Z:K62QQE4ShNVt+OThW7jStP40pEzNt
Malware Config
Extracted
metasploit
windows/reverse_http
http://192.168.45.226:443/nbOEKdHrZky3J7Ym0C3N9gTM-POqGJ3bBVAUtRIK5irDgNH6vbHfMHLK2dM0Y3snyMgIi_D6sf-L0IiIwZPAGvnNTaPtXs3dgE7jsDKSjz-mepvAkHqZE0L7cZueU4JZNPVMwqnyxjRYp6-NKyAL0P9an1DLbboPYySi1eB5NFjx8_2gCOQuxnGbVxoEY6Mr-fj7E2_AJsmxC50iGsvrYa
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
a7a608476e2acfd1608a988e1dd8a6d0777ffb4789d94bf7b7e0008824a34b56N.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a7a608476e2acfd1608a988e1dd8a6d0777ffb4789d94bf7b7e0008824a34b56N.exe