Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    14-11-2024 05:45

General

  • Target

    47fb7d8c03c58a9c0f5bb1fc4fae03abd3d50e9169e753530d8be96949e767ff.exe

  • Size

    72KB

  • MD5

    963b5f425400ac272f9c3da0dca0c49e

  • SHA1

    987be0ee528177c2edd80f0fbb21b616ed66d683

  • SHA256

    47fb7d8c03c58a9c0f5bb1fc4fae03abd3d50e9169e753530d8be96949e767ff

  • SHA512

    32f56df97e4a7e563d2bbcd2b1f1270e9aec871835e664d951e6b9e1bfd21ed4539888fe0560cdadb87e90f9030ec122c8b8cd848b620032a0ef41a6d5977581

  • SSDEEP

    1536:ImMyhVdP3RQZZ/QECCRU1f4HUlLWuKeBmFN1fBLHozMb+KR0Nc8QsJq3H:nMsVdP3RQrNPU1f4HEnsTVBjee0Nc8Qh

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.210.132:443

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\47fb7d8c03c58a9c0f5bb1fc4fae03abd3d50e9169e753530d8be96949e767ff.exe
    "C:\Users\Admin\AppData\Local\Temp\47fb7d8c03c58a9c0f5bb1fc4fae03abd3d50e9169e753530d8be96949e767ff.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1100

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1100-0-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB