Analysis
-
max time kernel
12s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
27-11-2024 22:15
General
-
Target
b3fa9a0960d69f734141e90c1c95b6774adcbfb29ee2765df39221daf9fb95f2.exe
-
Size
72KB
-
MD5
cab0228173ceb5263d9239f7d168b367
-
SHA1
5c339619811153a13f63390e793a0a3cd0b399b7
-
SHA256
b3fa9a0960d69f734141e90c1c95b6774adcbfb29ee2765df39221daf9fb95f2
-
SHA512
cfc0003e21b6cdbbf5873f07aed80c54224c60c6312a802f1d096957bad281b7570078eec1d21d928863af462152f5ad619ff89c92e3944960b81097f30fbe34
-
SSDEEP
1536:ILTYdVOXow5KtNuEzzy45xD3uqBGMb+KR0Nc8QsJq3f:u4w4i+Ge0Nc8QsCf
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/exec
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b3fa9a0960d69f734141e90c1c95b6774adcbfb29ee2765df39221daf9fb95f2.exe"C:\Users\Admin\AppData\Local\Temp\b3fa9a0960d69f734141e90c1c95b6774adcbfb29ee2765df39221daf9fb95f2.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /C echo 'OS{c9cfbf643db83c46a2ce660a347df50a}'2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB