Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
14-11-2024 05:45
Behavioral task
behavioral1
Sample
47fb7d8c03c58a9c0f5bb1fc4fae03abd3d50e9169e753530d8be96949e767ff.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
47fb7d8c03c58a9c0f5bb1fc4fae03abd3d50e9169e753530d8be96949e767ff.exe
Resource
win10v2004-20241007-en
General
-
Target
47fb7d8c03c58a9c0f5bb1fc4fae03abd3d50e9169e753530d8be96949e767ff.exe
-
Size
72KB
-
MD5
963b5f425400ac272f9c3da0dca0c49e
-
SHA1
987be0ee528177c2edd80f0fbb21b616ed66d683
-
SHA256
47fb7d8c03c58a9c0f5bb1fc4fae03abd3d50e9169e753530d8be96949e767ff
-
SHA512
32f56df97e4a7e563d2bbcd2b1f1270e9aec871835e664d951e6b9e1bfd21ed4539888fe0560cdadb87e90f9030ec122c8b8cd848b620032a0ef41a6d5977581
-
SSDEEP
1536:ImMyhVdP3RQZZ/QECCRU1f4HUlLWuKeBmFN1fBLHozMb+KR0Nc8QsJq3H:nMsVdP3RQrNPU1f4HEnsTVBjee0Nc8Qh
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
192.168.210.132:443
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 47fb7d8c03c58a9c0f5bb1fc4fae03abd3d50e9169e753530d8be96949e767ff.exe