Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
01-12-2024 06:32
Behavioral task
behavioral1
Sample
4cc709f0fda404b647dae9ff8ddb57f84c9590dd7cc0aa695a04a60331407128.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4cc709f0fda404b647dae9ff8ddb57f84c9590dd7cc0aa695a04a60331407128.exe
Resource
win10v2004-20241007-en
General
-
Target
4cc709f0fda404b647dae9ff8ddb57f84c9590dd7cc0aa695a04a60331407128.exe
-
Size
12KB
-
MD5
dc7e2759f612a2f39f4a0ae9ccbf2bc7
-
SHA1
8e2de9a08ea6f05eddaa690338cff41bcb9bd00e
-
SHA256
4cc709f0fda404b647dae9ff8ddb57f84c9590dd7cc0aa695a04a60331407128
-
SHA512
40f4d4f45ee7d54e5340acafc2bd474ce73a07bc064a03ef1ffa74aa3200858364b0649cf712b1ac6a768b51c9bb8e112e024afc6363ae47fa25811d1364df4a
-
SSDEEP
192:7tA5YqrUmuPDXYT41RPuI81lqYh1oxZWr/p7Wg3PVgP1CrxYuuj37E5pz6fMKj75:CVrUmuPD91v814Yh1ymxZ/V6717
Malware Config
Extracted
metasploit
windows/download_exec
http://192.168.196.144:10010/Mj7n
- headers User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 4cc709f0fda404b647dae9ff8ddb57f84c9590dd7cc0aa695a04a60331407128.exe
Processes
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Request154.239.44.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request83.210.23.2.in-addr.arpaIN PTRResponse83.210.23.2.in-addr.arpaIN PTRa2-23-210-83deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request134.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request228.249.119.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request241.150.49.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request241.150.49.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request56.163.245.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request13.227.111.52.in-addr.arpaIN PTRResponse
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
154.239.44.20.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
83.210.23.2.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
134.32.126.40.in-addr.arpa
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
241.150.49.20.in-addr.arpa
DNS Request
241.150.49.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
56.163.245.4.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
13.227.111.52.in-addr.arpa