Analysis
-
max time kernel
115s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
13-11-2024 00:42
Behavioral task
behavioral1
Sample
f173defd59c0e0ad1c7b2b7f633e3aac94d9336d3d94a7cb29b525d5bf96aefd.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f173defd59c0e0ad1c7b2b7f633e3aac94d9336d3d94a7cb29b525d5bf96aefd.exe
Resource
win10v2004-20241007-en
General
-
Target
f173defd59c0e0ad1c7b2b7f633e3aac94d9336d3d94a7cb29b525d5bf96aefd.exe
-
Size
6KB
-
MD5
f5f89a81642c3d06a6fe19bef2ed289c
-
SHA1
be2098bf25c4f537ddec61fcfa0c37a38a7e4dd9
-
SHA256
f173defd59c0e0ad1c7b2b7f633e3aac94d9336d3d94a7cb29b525d5bf96aefd
-
SHA512
221e0796bfd244aa0f2f79ae4f12dcb7bb2941a449dbdd00990be0b7b7de900723cdb7846d7413f526950ce3f14ee9652271709686b36eac502af29ff4c3dff3
-
SSDEEP
48:6Q0puCN62QRojrgmZkfVKVNMdyQPA22loVtb6OTUYxZeCOOgIypcyjStv54tdt0m:K62QQE4ShNVt+OThW7jStP40pEzNtl
Malware Config
Extracted
metasploit
windows/reverse_http
http://192.168.45.226:443/nbOEKdHrZky3J7Ym0C3N9gTM-POqGJ3bBVAUtRIK5irDgNH6vbHfMHLK2dM0Y3snyMgIi_D6sf-L0IiIwZPAGvnNTaPtXs3dgE7jsDKSjz-mepvAkHqZE0L7cZueU4JZNPVMwqnyxjRYp6-NKyAL0P9an1DLbboPYySi1eB5NFjx8_2gCOQuxnGbVxoEY6Mr-fj7E2_AJsmxC50iGsvrYa
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language f173defd59c0e0ad1c7b2b7f633e3aac94d9336d3d94a7cb29b525d5bf96aefd.exe