Analysis
-
max time kernel
117s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
02-12-2024 20:40
Behavioral task
behavioral1
Sample
711436218aafd9e48adb190d0cef01a62162250de47e2691a769fa4de600a2ca.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
711436218aafd9e48adb190d0cef01a62162250de47e2691a769fa4de600a2ca.exe
Resource
win10v2004-20241007-en
General
-
Target
711436218aafd9e48adb190d0cef01a62162250de47e2691a769fa4de600a2ca.exe
-
Size
282KB
-
MD5
b3c728eb71744e9fda6bacf16c420bb8
-
SHA1
ee16148e443620b7b62441a5e8bf4357e31c3a60
-
SHA256
711436218aafd9e48adb190d0cef01a62162250de47e2691a769fa4de600a2ca
-
SHA512
2e63a3f033529388d71d94e559279e6cbade4588a747f4ee1cb80ea91c0d0e39bf30d17aaa2dc2cc792dd9a5b5b6b3def0a6e2f09256bce206b4e044b5b528a9
-
SSDEEP
6144:hgfABnR8YfEL01SHhRG/NqHtogoSok+AWGChCUVAwo:hFD9oCstdoS2tGChxAwo
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/shell_reverse_tcp
105.103.6.61:444
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
resource yara_rule behavioral1/memory/2544-0-0x0000000000400000-0x000000000057C000-memory.dmp upx behavioral1/memory/2544-1-0x0000000000400000-0x000000000057C000-memory.dmp upx behavioral1/memory/2544-11-0x0000000000400000-0x000000000057C000-memory.dmp upx