Analysis
-
max time kernel
122s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
14-11-2024 01:36
Behavioral task
behavioral1
Sample
aeebbe1a75df0f8e37bd863fe24c26512dad41e9b14d09268c83a31cdb53d6bf.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
aeebbe1a75df0f8e37bd863fe24c26512dad41e9b14d09268c83a31cdb53d6bf.exe
Resource
win10v2004-20241007-en
General
-
Target
aeebbe1a75df0f8e37bd863fe24c26512dad41e9b14d09268c83a31cdb53d6bf.exe
-
Size
72KB
-
MD5
636abbd8d0cac658f2cefc02f3bcd232
-
SHA1
53859b9d03c719a26a139311b00c76c186a59dd7
-
SHA256
aeebbe1a75df0f8e37bd863fe24c26512dad41e9b14d09268c83a31cdb53d6bf
-
SHA512
2c153b3a39348865af06da965a4bbc3afad128622d5ee6fd5b480d7e42417970ac8cdefdd3fdbf5a82a1e9b3c8896d501777713e0ea99b2038a3854e812f439f
-
SSDEEP
1536:I0QTgXvEmC7uGLTyUV+GAUEmUhLXwquVcMb+KR0Nc8QsJq39:HtC3+TUAh2Oe0Nc8QsC9
Malware Config
Extracted
metasploit
windows/reverse_tcp
18.203.89.38:8443
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
aeebbe1a75df0f8e37bd863fe24c26512dad41e9b14d09268c83a31cdb53d6bf.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language aeebbe1a75df0f8e37bd863fe24c26512dad41e9b14d09268c83a31cdb53d6bf.exe