Analysis
-
max time kernel
104s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
19-12-2024 23:15
General
-
Target
dad264d25243ec06a5d6d8e8fff22d45467dbb1a5dacd1694d0c169f98f10cbbN.exe
-
Size
72KB
-
MD5
ec23a9873725c9a33cb0e662507f4540
-
SHA1
8a9057ebf0fd646431018c7d12d5b3b627793868
-
SHA256
dad264d25243ec06a5d6d8e8fff22d45467dbb1a5dacd1694d0c169f98f10cbb
-
SHA512
8d10b95002a7b437ab9842545fe2b9404f6f5ed76f1896f8e63bbd44e5ae00dd3fec8175935d2c7426128cc74d64bfb27cc1a0b587e6c6c81d8240cbf062066c
-
SSDEEP
1536:I7Dxd6ht4Jpp5LfACSGrD5LMb+KR0Nc8QsJq39:QdVACjrDhe0Nc8QsC9
Malware Config
Extracted
metasploit
windows/reverse_http
http://192.168.32.128:808/Vpemds_Xe9qQeJF59xpYigJOv07BgTNFljQSyudu66F_E7IjKJspN-jX6zocZPfSRB0sfngGrZECNqfL_YqV4iV_YCVvbADSimcyxxPW14Mg_-BbUwKKqpe9kw9ZhAVQtrLEJMMJcfBBtimcSTOHM9-aXag9_KiobE4K-V7gCh0fA1drx86_lMA-10my3e9Zn6N7SKWIukV
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\dad264d25243ec06a5d6d8e8fff22d45467dbb1a5dacd1694d0c169f98f10cbbN.exe"C:\Users\Admin\AppData\Local\Temp\dad264d25243ec06a5d6d8e8fff22d45467dbb1a5dacd1694d0c169f98f10cbbN.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB