Analysis
-
max time kernel
96s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
01-12-2024 10:26
General
-
Target
5acd9c9adfcca92c5c333d83c3652be9c01da84789c076925b165cc27ab3c77a.exe
-
Size
42KB
-
MD5
702a243186137c07b8ab44b309259bd7
-
SHA1
473c849e53818370c2749d38619de2ebbfd409bc
-
SHA256
5acd9c9adfcca92c5c333d83c3652be9c01da84789c076925b165cc27ab3c77a
-
SHA512
5792d95b1e818aed6fa19ceaac13f8e94a548eec56f07905323cdcc57d7cebd6111576c20296f184652d23e4d6f12bad78d691855592a12096ca052fd76461c9
-
SSDEEP
384:229NUL7cLamfEWexKcJkQe5NymA0nAlEL4KBBwPh6HyzyJByD2ntUL:p9NU/cLi6QenrL4KB4hwyzyJByDFL
Malware Config
Extracted
metasploit
windows/download_exec
http://192.168.196.144:10010/5fPq
- headers User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\5acd9c9adfcca92c5c333d83c3652be9c01da84789c076925b165cc27ab3c77a.exe"C:\Users\Admin\AppData\Local\Temp\5acd9c9adfcca92c5c333d83c3652be9c01da84789c076925b165cc27ab3c77a.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
-
Filesize
128KB