Analysis

  • max time kernel
    110s
  • max time network
    115s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-11-2024 12:34

General

  • Target

    8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399N.exe

  • Size

    17KB

  • MD5

    aa09cac17f09c6429ada7ee8e9859970

  • SHA1

    09a137f108d18325005425d5a0e1d8165c3d21db

  • SHA256

    8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399

  • SHA512

    91b18a9cccb8dfa8adae3b0bc7088e4a0fd3380ce066e5dd116ac9cd0960efc6176d2585735fa554efe38f82c310c9140f5e08d556f08d3a9173a37df1c1c85b

  • SSDEEP

    192:S4/aSzCsFv9C3z9JmE9KQnwubZubz7FKo86wooDVFuPB1ovyForcCC4h:SqzCs6j90BAYXYodKD+PEKarcZE

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://123.254.105.223:80/7eIw

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399N.exe"
    • System Location Discovery: System Language Discovery
    PID:2644

Network

  • 123.254.105.223:80
    8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399N.exe
    152 B
    3
  • 123.254.105.223:80
    8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399N.exe
    152 B
    3
  • 123.254.105.223:80
    8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399N.exe
    152 B
    3
  • 123.254.105.223:80
    8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399N.exe
    152 B
    3
  • 123.254.105.223:80
    8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399N.exe
    152 B
    3
  • 123.254.105.223:80
    8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399N.exe
    152 B
    3

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2644-1-0x0000000000090000-0x0000000000290000-memory.dmp

    Filesize

    2.0MB

  • memory/2644-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

  • memory/2644-3-0x0000000000090000-0x0000000000290000-memory.dmp

    Filesize

    2.0MB
