Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-12-2024 07:54

General

  • Target

    22e231b2a1bc050066bdfbcdd95f054cab273fa336b46217f9773fd494044170.exe

  • Size

    72KB

  • MD5

    df9c16b7f37601078aad92a321ee4224

  • SHA1

    b02ce1ca3291b3ad0449fdde3855b002e3efe236

  • SHA256

    22e231b2a1bc050066bdfbcdd95f054cab273fa336b46217f9773fd494044170

  • SHA512

    b494174e84ab409f93ba84c7643fcb5edcf457961b1013f39635e1be2e46a2cfd84d5b8d61eb49923b47400b75dd731e30f32c03a856e6e64ea18c699cd2fde3

  • SSDEEP

    1536:ILTYdVOXoo5KtNuEzzy45xD3uqBGMb+KR0Nc8QsJq3F:u4o4i+Ge0Nc8QsCF

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/exec
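
The sandbox reports the payload family and type but not how the embedded command was recovered. The following is an added example (not sandbox output and not Metasploit project code) of a minimal config extractor for the stock msfvenom windows/exec layout as this example understands it: the shellcode resolves kernel32!WinExec through the block_api hash 0x876F8B31 (emitted as `push 0x876F8B31; call ebp`), falls through into an exit stub that ends in `push 0; push ebx; call ebp`, and stores the command as a null-terminated ASCII string directly after that stub. The byte layout, the API hashes and the annotated payload tail are assumptions to verify against a real sample; the blob the example scans is constructed here, with the command string taken from this report's process tree. Encoded or PE-wrapped samples need to be unpacked, or dumped from memory like the 4KB region under Downloads, before a scan like this finds anything.

```python
"""Minimal command extractor for Metasploit windows/exec shellcode.

Added example, not sandbox or Metasploit code.  Assumes the stock msfvenom
windows/exec layout described in the lead-in; the sample blob is constructed.
"""
import re
import struct
from typing import List, Optional

# block_api hash of kernel32!WinExec as used by stock msfvenom (assumption).
WINEXEC_HASH = 0x876F8B31
# push imm32 <hash> ; call ebp
WINEXEC_CALL = b"\x68" + struct.pack("<I", WINEXEC_HASH) + b"\xff\xd5"
# push 0 ; push ebx ; call ebp  -> final exit call; the command string follows it
EXIT_STUB = b"\x6a\x00\x53\xff\xd5"


def find_winexec_calls(blob: bytes) -> List[int]:
    """Offsets of every `push WINEXEC_HASH; call ebp` sequence in blob."""
    return [m.start() for m in re.finditer(re.escape(WINEXEC_CALL), blob)]


def extract_exec_command(blob: bytes, window: int = 64, max_len: int = 1024) -> Optional[str]:
    """Return the WinExec command string, or None if the layout does not match.

    For each WinExec call site, look for the exit stub within `window` bytes and
    read the null-terminated printable-ASCII string that follows it.
    """
    for off in find_winexec_calls(blob):
        stub = blob.find(EXIT_STUB, off, off + window)
        if stub == -1:
            continue
        start = stub + len(EXIT_STUB)
        end = blob.find(b"\x00", start, start + max_len)
        if end <= start:
            continue
        cmd = blob[start:end]
        if all(0x20 <= b < 0x7F for b in cmd):
            return cmd.decode("ascii")
    return None


# Constructed tail of a stock windows/exec payload (assumed layout; the
# block_api resolver that precedes it is omitted).
EXEC_TAIL = (
    b"\x6a\x01"                       # push 1             ; uCmdShow = SW_SHOWNORMAL
    b"\x8d\x85\xb2\x00\x00\x00"       # lea eax,[ebp+0xb2] ; lpCmdLine -> command string
    b"\x50"                           # push eax
    b"\x68\x31\x8b\x6f\x87\xff\xd5"   # push 0x876F8B31 ; call ebp  (WinExec)
    b"\xbb\xf0\xb5\xa2\x56"           # mov ebx, 0x56A2B5F0         (ExitProcess)
    b"\x68\xa6\x95\xbd\x9d\xff\xd5"   # push 0x9DBD95A6 ; call ebp  (GetVersion)
    b"\x3c\x06\x7c\x0a"               # cmp al, 6 ; jl  -> keep ExitProcess on old versions
    b"\x80\xfb\xe0\x75\x05"           # cmp bl, 0xe0 ; jne
    b"\xbb\x47\x13\x72\x6f"           # mov ebx, 0x6F721347         (RtlExitUserThread)
    b"\x6a\x00\x53\xff\xd5"           # push 0 ; push ebx ; call ebp (exit stub)
)


def build_sample(command: str) -> bytes:
    """Constructed stand-in for a file carrying a windows/exec payload."""
    prefix = b"MZ\x90\x00" + b"\x90" * 40          # fake header / padding, 44 bytes
    return prefix + EXEC_TAIL + command.encode("ascii") + b"\x00" + b"\xcc" * 16


# Command string taken from this report's process tree.
REPORT_COMMAND = "cmd.exe /C echo 'OS{25bcb6bbb8802cd6bd60a7f1671d8099}'"
SAMPLE_BLOB = build_sample(REPORT_COMMAND)


if __name__ == "__main__":
    print("WinExec call sites:", find_winexec_calls(SAMPLE_BLOB))
    print("command:", extract_exec_command(SAMPLE_BLOB))
```

The search is anchored on the call site rather than on the string because arbitrary printable runs are common in any binary; requiring the WinExec hash, the exit stub within a short window and a clean ASCII terminator keeps false positives low when the scan is run over a whole 72KB file or a memory dump.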

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\22e231b2a1bc050066bdfbcdd95f054cab273fa336b46217f9773fd494044170.exe
    "C:\Users\Admin\AppData\Local\Temp\22e231b2a1bc050066bdfbcdd95f054cab273fa336b46217f9773fd494044170.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID: 2372
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C echo 'OS{25bcb6bbb8802cd6bd60a7f1671d8099}'
      • System Location Discovery: System Language Discovery
      PID: 3012

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2372-0-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB
