Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
21-12-2024 15:25
General
-
Target
0a5aac647c4708953bd2935be3286473b7b458ced28d5ad73926ed34d279a67b.exe
-
Size
2.0MB
-
MD5
107f98455430a4a3cdd706ba23095842
-
SHA1
472653a8761956f75aae70fb05930de7c2bbc07b
-
SHA256
0a5aac647c4708953bd2935be3286473b7b458ced28d5ad73926ed34d279a67b
-
SHA512
43ed97964a53c4ff1315367afc6cff8617033bcd908e8e3a61de492a69bbcd82de2c36b4c78563f4485988a942936a963aeb3bd35a08d85b07a5acd3fd4e9906
-
SSDEEP
24576:SpVmnS4FzCeLkIQSjAclSFAB6pgKeTRKcvbExxlQJ2k1hwHIhC4fHf:SX41VO28uBcek0bVwHAP
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_tcp
121.89.201.85:44444
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Executes dropped EXE 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0a5aac647c4708953bd2935be3286473b7b458ced28d5ad73926ed34d279a67b.exe"C:\Users\Admin\AppData\Local\Temp\0a5aac647c4708953bd2935be3286473b7b458ced28d5ad73926ed34d279a67b.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd " /c" C:\\Users\\Public\\mmm.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\mmm.exeC:\\Users\\Public\\mmm.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\system32\cmd.execmd " /c" C:\\Users\\Public\\SecureCRT-kg.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\SecureCRT-kg.exeC:\\Users\\Public\\SecureCRT-kg.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280KB
MD5e7bf3e52d49b48c30f110b1ad01e0fc5
SHA149a531a381095adee1d2652305cc4a59ada3b5ec
SHA25643af5fdebe2006a51a368971924f9c08c919a45da86ec42639351af0c00517bd
SHA51204cf584edddcbe058139c696d91c7c72232091953e95fa56bbd014eef0e98da17554ab7462c91bd0a32a5b2d6fb02201682cdfb454c3318df7773648808694e8
-
Filesize
72KB
MD55b11cb23d0a1d6c443cd73362cd6e439
SHA1d0fe8aef6ad30117ef042b09a9b74aa6eab08861
SHA25636134f795c49e9fec793977bb41572f7f5681534f0073010dfe71baeec99820b
SHA512f46637f66b2b69c93ef4b9204e45ffb6b5adf91631c37cac76ff2bcaffe61622f7aa6ce1c341efaea030c1ced02cb064635539c2c5df13ac1bfb996b53ec544f
-
Filesize
4KB
-
Filesize
68KB
-
Filesize
4KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
4KB
-
Filesize
68KB
-
Filesize
624KB