Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
-
submitted
03-12-2024 03:07
General
-
Target
e473233c71a8855f9d52fe131830b56d0b5ea9b6eeb0e2d5528cbef29360668f.exe
-
Size
72KB
-
MD5
ab95efbeb890f50d89b56a14f2c0bbd1
-
SHA1
a90b055e0cfafb31b75bb2be8cac9a07f1c06088
-
SHA256
e473233c71a8855f9d52fe131830b56d0b5ea9b6eeb0e2d5528cbef29360668f
-
SHA512
b553e90455a4ad9f3e64d9b08ac4a71d99eb2386cd1ec2e2937fe52317c5e6de3794c471a52d1bd400e01277583807563b630cfbcb4ad2792111847eaa81f919
-
SSDEEP
1536:I/Bc+kGtU3NS2p0ubBGO2CMa13ULCwdVMb+KR0Nc8QsJq39:ic7d0uGO5CLBVe0Nc8QsC9
Malware Config
Extracted
metasploit
windows/reverse_http
http://89.197.154.116:7810/nBToDGkEDccfmB6ZeN43LQts7hqNmqK_VX6-BS_IVcYCHoHiRq6AeDd6kmpK5K0ObUA4rfqWhqBnvB2uqyvfpzC8kCkjBTik2XoX-VuJYRtjnHqR
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\e473233c71a8855f9d52fe131830b56d0b5ea9b6eeb0e2d5528cbef29360668f.exe"C:\Users\Admin\AppData\Local\Temp\e473233c71a8855f9d52fe131830b56d0b5ea9b6eeb0e2d5528cbef29360668f.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB