Analysis
-
max time kernel
110s -
max time network
115s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
30-11-2024 12:34
Behavioral task
behavioral1
Sample
8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399N.exe
Resource
win10v2004-20241007-en
General
-
Target
8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399N.exe
-
Size
17KB
-
MD5
aa09cac17f09c6429ada7ee8e9859970
-
SHA1
09a137f108d18325005425d5a0e1d8165c3d21db
-
SHA256
8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399
-
SHA512
91b18a9cccb8dfa8adae3b0bc7088e4a0fd3380ce066e5dd116ac9cd0960efc6176d2585735fa554efe38f82c310c9140f5e08d556f08d3a9173a37df1c1c85b
-
SSDEEP
192:S4/aSzCsFv9C3z9JmE9KQnwubZubz7FKo86wooDVFuPB1ovyForcCC4h:SqzCs6j90BAYXYodKD+PEKarcZE
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Extracted
metasploit
windows/download_exec
http://123.254.105.223:80/7eIw
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 8ce2c083caf08af811ddfeead4abd052fb397ee60da9ce7c3accab7d7ec6c399N.exe
Processes
Network
- No results found
-
152 B 3
-
152 B 3
-
152 B 3
-
152 B 3
-
152 B 3
-
152 B 3