Analysis
-
max time kernel
16s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
19-11-2024 23:36
Static task
static1
Behavioral task
behavioral1
Sample
e1b9ad60e124196f413549a8f7c50ad3f7f038c88fd76a4272b253e0e81acd60.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
e1b9ad60e124196f413549a8f7c50ad3f7f038c88fd76a4272b253e0e81acd60.exe
Resource
win10v2004-20241007-en
General
-
Target
e1b9ad60e124196f413549a8f7c50ad3f7f038c88fd76a4272b253e0e81acd60.exe
-
Size
2.0MB
-
MD5
c2e825b33980e9b19e62d526f911743c
-
SHA1
0550ccf04b884fd5739a82b370b90a1d7e51644c
-
SHA256
e1b9ad60e124196f413549a8f7c50ad3f7f038c88fd76a4272b253e0e81acd60
-
SHA512
ab74fa0ed35818d8498089ddc8133f1a63eedc3c011ef7a2b9ec3c6b0bb5ed530ad8be5c068743492e96af4eb4a3c98480413ba8e39054247819b99b9fd606e7
-
SSDEEP
49152:kzBQwqEAJs/6zVnrQHKOLS8ed0Mzjkxwn:iyTQHKOmd0Mzjkxwn
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
e1b9ad60e124196f413549a8f7c50ad3f7f038c88fd76a4272b253e0e81acd60.exedescription pid Process procid_target PID 2640 wrote to memory of 2656 2640 e1b9ad60e124196f413549a8f7c50ad3f7f038c88fd76a4272b253e0e81acd60.exe 31 PID 2640 wrote to memory of 2656 2640 e1b9ad60e124196f413549a8f7c50ad3f7f038c88fd76a4272b253e0e81acd60.exe 31 PID 2640 wrote to memory of 2656 2640 e1b9ad60e124196f413549a8f7c50ad3f7f038c88fd76a4272b253e0e81acd60.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\e1b9ad60e124196f413549a8f7c50ad3f7f038c88fd76a4272b253e0e81acd60.exe"C:\Users\Admin\AppData\Local\Temp\e1b9ad60e124196f413549a8f7c50ad3f7f038c88fd76a4272b253e0e81acd60.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2640 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2640 -s 842⤵PID:2656
-