Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
19-11-2024 23:42
General
-
Target
e1b9ad60e124196f413549a8f7c50ad3f7f038c88fd76a4272b253e0e81acd60.exe
-
Size
2.0MB
-
MD5
c2e825b33980e9b19e62d526f911743c
-
SHA1
0550ccf04b884fd5739a82b370b90a1d7e51644c
-
SHA256
e1b9ad60e124196f413549a8f7c50ad3f7f038c88fd76a4272b253e0e81acd60
-
SHA512
ab74fa0ed35818d8498089ddc8133f1a63eedc3c011ef7a2b9ec3c6b0bb5ed530ad8be5c068743492e96af4eb4a3c98480413ba8e39054247819b99b9fd606e7
-
SSDEEP
49152:kzBQwqEAJs/6zVnrQHKOLS8ed0Mzjkxwn:iyTQHKOmd0Mzjkxwn
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
encoder/shikata_ga_nai
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e1b9ad60e124196f413549a8f7c50ad3f7f038c88fd76a4272b253e0e81acd60.exe"C:\Users\Admin\AppData\Local\Temp\e1b9ad60e124196f413549a8f7c50ad3f7f038c88fd76a4272b253e0e81acd60.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2500 -s 842⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
200KB
-
Filesize
1.2MB