Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
06-12-2024 15:08
Behavioral task
behavioral1
Sample
7fd934bf845b4bc0e37eb2c38a85045d332aee79d83e018eb0ad648802785ad1.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
7fd934bf845b4bc0e37eb2c38a85045d332aee79d83e018eb0ad648802785ad1.exe
Resource
win10v2004-20241007-en
General
-
Target
7fd934bf845b4bc0e37eb2c38a85045d332aee79d83e018eb0ad648802785ad1.exe
-
Size
11KB
-
MD5
75ddb1c02a42010172e5e5ab02d4f95c
-
SHA1
64f0c18bdbc2c45aee9953917f4d5da569d865a4
-
SHA256
7fd934bf845b4bc0e37eb2c38a85045d332aee79d83e018eb0ad648802785ad1
-
SHA512
df786996014b33fe7cf6c57cb1b47aa2ed45c5d1e2d41e56c12825703d6720b3a7241c5632d1d9e43238cf514ff10d061589b6296fedbf1eaa8b98e16aa1c6d7
-
SSDEEP
192:0Dj2HT5rp8gI8ss1bSrVEW13/TzcsX1L/7Ca87E5pz6fM0W:0faNq85SrVEQ/PcUq7l
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_tcp
192.168.196.144:456
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7fd934bf845b4bc0e37eb2c38a85045d332aee79d83e018eb0ad648802785ad1.exe
Processes
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Request154.239.44.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request216.87.200.23.in-addr.arpaIN PTRResponse216.87.200.23.in-addr.arpaIN PTRa23-200-87-216deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.55.71.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request200.163.202.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request215.244.18.2.in-addr.arpaIN PTRResponse215.244.18.2.in-addr.arpaIN PTRa2-18-244-215deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request85.49.80.91.in-addr.arpaIN PTRResponse
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
154.239.44.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
216.87.200.23.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
58.55.71.13.in-addr.arpa
-
74 B 160 B 1 1
DNS Request
200.163.202.172.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
215.244.18.2.in-addr.arpa
-
70 B 145 B 1 1
DNS Request
85.49.80.91.in-addr.arpa