Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
04-12-2024 05:17
General
-
Target
64dfa8e6472952252aeffc9c0ac72ce9b21247864669f3ccf1916b9acc43c18bN.exe
-
Size
72KB
-
MD5
f2edb5357fc50d6a19fd913927400a80
-
SHA1
51e4d1179bb7c88b156e289878226bf984d20b70
-
SHA256
64dfa8e6472952252aeffc9c0ac72ce9b21247864669f3ccf1916b9acc43c18b
-
SHA512
c33561473618fc27f505b905ad900e048ca71eadd761524aaaa244be32eee216dde96c38bf744647fa954b1bf47d1d7bf230f8ccc274128912e3d46ee3a96635
-
SSDEEP
1536:ICc2EcV3lwLMe7NAcmG7WvY9fm4Y7iHSuMb+KR0Nc8QsJq39:WlK3lyicl7WQlYOHSue0Nc8QsC9
Malware Config
Extracted
metasploit
windows/reverse_http
http://10.0.2.22:4444/huS5c7baXhVA4kHjJ6qoGA7IEWx1Kb8G9LYUlp6TOeRUauTsOlc-oQlO5LUmwwobVqK9i439XQ14EK6AbfAouD9-s431YvwCuYrPxqVI0ggwq2H5OpCdvVdybOkiVX9gth_XRjl4Nwr69dgKysC-ff-PHYWyJISeuPeZBX0uR-BC7H5ZHkcGb8I789O6O
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\64dfa8e6472952252aeffc9c0ac72ce9b21247864669f3ccf1916b9acc43c18bN.exe"C:\Users\Admin\AppData\Local\Temp\64dfa8e6472952252aeffc9c0ac72ce9b21247864669f3ccf1916b9acc43c18bN.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB