Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
05/12/2024, 17:05
General
-
Target
cdcace8fbb5d64963234d51b7f756a10b0504ce73a4ae5da9b1963096631a124.exe
-
Size
258KB
-
MD5
6f99152b7ca97851166a4a6758ec5167
-
SHA1
011584db85bc0db9eda791255578aa434041dfcc
-
SHA256
cdcace8fbb5d64963234d51b7f756a10b0504ce73a4ae5da9b1963096631a124
-
SHA512
fbbb3f14a028e17532f6d23151f2cc80d22d38904ba6a682b924c69e7f4a415151fd3be0ee3377e565b1d0df41ad15510eb679e6238d94103590ac1b69f6d0d8
-
SSDEEP
6144:Pv0TIJu+3GXNHTM9gaxRTKp9dm2ua7jZiX+pJLh6:ETf+2dzMe2Kua7MX+r6
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/download_exec
C2
http://192.168.239.129:17822/3vfM
Attributes
- headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7)
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cdcace8fbb5d64963234d51b7f756a10b0504ce73a4ae5da9b1963096631a124.exe"C:\Users\Admin\AppData\Local\Temp\cdcace8fbb5d64963234d51b7f756a10b0504ce73a4ae5da9b1963096631a124.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1044 -s 602⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
292KB