Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-12-2024 15:08

General

  • Target

    7fd934bf845b4bc0e37eb2c38a85045d332aee79d83e018eb0ad648802785ad1.exe

  • Size

    11KB

  • MD5

    75ddb1c02a42010172e5e5ab02d4f95c

  • SHA1

    64f0c18bdbc2c45aee9953917f4d5da569d865a4

  • SHA256

    7fd934bf845b4bc0e37eb2c38a85045d332aee79d83e018eb0ad648802785ad1

  • SHA512

    df786996014b33fe7cf6c57cb1b47aa2ed45c5d1e2d41e56c12825703d6720b3a7241c5632d1d9e43238cf514ff10d061589b6296fedbf1eaa8b98e16aa1c6d7

  • SSDEEP

    192:0Dj2HT5rp8gI8ss1bSrVEW13/TzcsX1L/7Ca87E5pz6fM0W:0faNq85SrVEQ/PcUq7l

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.196.144:456

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7fd934bf845b4bc0e37eb2c38a85045d332aee79d83e018eb0ad648802785ad1.exe
    "C:\Users\Admin\AppData\Local\Temp\7fd934bf845b4bc0e37eb2c38a85045d332aee79d83e018eb0ad648802785ad1.exe"
    • System Location Discovery: System Language Discovery
    PID:600

Network

  • DNS (US) 8.8.8.8.in-addr.arpa, remote address 8.8.8.8:53
    Request: 8.8.8.8.in-addr.arpa IN PTR
    Response: 8.8.8.8.in-addr.arpa IN PTR dns.google
  • DNS (US) 154.239.44.20.in-addr.arpa, remote address 8.8.8.8:53
    Request: 154.239.44.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US) 216.87.200.23.in-addr.arpa, remote address 8.8.8.8:53
    Request: 216.87.200.23.in-addr.arpa IN PTR
    Response: 216.87.200.23.in-addr.arpa IN PTR a23-200-87-216.deploy.static.akamaitechnologies.com
  • DNS (US) 95.221.229.192.in-addr.arpa, remote address 8.8.8.8:53
    Request: 95.221.229.192.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US) 58.55.71.13.in-addr.arpa, remote address 8.8.8.8:53
    Request: 58.55.71.13.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US) 200.163.202.172.in-addr.arpa, remote address 8.8.8.8:53
    Request: 200.163.202.172.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US) 15.164.165.52.in-addr.arpa, remote address 8.8.8.8:53
    Request: 15.164.165.52.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (US) 215.244.18.2.in-addr.arpa, remote address 8.8.8.8:53
    Request: 215.244.18.2.in-addr.arpa IN PTR
    Response: 215.244.18.2.in-addr.arpa IN PTR a2-18-244-215.deploy.static.akamaitechnologies.com
  • DNS (US) 85.49.80.91.in-addr.arpa, remote address 8.8.8.8:53
    Request: 85.49.80.91.in-addr.arpa IN PTR
    Response: (empty)
  • 192.168.196.144:456 / 7fd934bf845b4bc0e37eb2c38a85045d332aee79d83e018eb0ad648802785ad1.exe / 1.9kB / 37
  • 8.8.8.8:53 / 8.8.8.8.in-addr.arpa / dns / 66 B sent, 90 B received / 1 / 1
    DNS Request: 8.8.8.8.in-addr.arpa
  • 8.8.8.8:53 / 154.239.44.20.in-addr.arpa / dns / 72 B sent, 158 B received / 1 / 1
    DNS Request: 154.239.44.20.in-addr.arpa
  • 8.8.8.8:53 / 216.87.200.23.in-addr.arpa / dns / 72 B sent, 137 B received / 1 / 1
    DNS Request: 216.87.200.23.in-addr.arpa
  • 8.8.8.8:53 / 95.221.229.192.in-addr.arpa / dns / 73 B sent, 144 B received / 1 / 1
    DNS Request: 95.221.229.192.in-addr.arpa
  • 8.8.8.8:53 / 58.55.71.13.in-addr.arpa / dns / 70 B sent, 144 B received / 1 / 1
    DNS Request: 58.55.71.13.in-addr.arpa
  • 8.8.8.8:53 / 200.163.202.172.in-addr.arpa / dns / 74 B sent, 160 B received / 1 / 1
    DNS Request: 200.163.202.172.in-addr.arpa
  • 8.8.8.8:53 / 15.164.165.52.in-addr.arpa / dns / 72 B sent, 146 B received / 1 / 1
    DNS Request: 15.164.165.52.in-addr.arpa
  • 8.8.8.8:53 / 215.244.18.2.in-addr.arpa / dns / 71 B sent, 135 B received / 1 / 1
    DNS Request: 215.244.18.2.in-addr.arpa
  • 8.8.8.8:53 / 85.49.80.91.in-addr.arpa / dns / 70 B sent, 145 B received / 1 / 1
    DNS Request: 85.49.80.91.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • memory/600-0-0x00000000001E0000-0x00000000001E1000-memory.dmp (Filesize 4KB)
  • memory/600-2-0x00000000001E0000-0x00000000001E1000-memory.dmp (Filesize 4KB)
