Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
21-12-2024 17:57
General
-
Target
8b87c1b5329556acd3a837bfec7da79c95cc127119c127c910dd74c4406cc662.exe
-
Size
447KB
-
MD5
f7910e386aab79f3d5a974b4a20afed1
-
SHA1
7abeb87c0d5b24b9d9b9e03f56ee961648b9e814
-
SHA256
8b87c1b5329556acd3a837bfec7da79c95cc127119c127c910dd74c4406cc662
-
SHA512
bb505b8232c612ab701140abf4a015972c92fedcc8cf134a7edbeb8000ff7714735a354af96b37b3bf9ea9ac43214a25a1b9ee3c0c8c8cd9008b896778facc98
-
SSDEEP
6144:9L3tauRul+LtP9opuTjU1B61Rfb+muewyPL1:V3tauReaGuTjR4mtwyPZ
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
encoder/shikata_ga_nai
Extracted
Family
metasploit
Version
windows/reverse_tcp
C2
10.4.224.26:8443
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8b87c1b5329556acd3a837bfec7da79c95cc127119c127c910dd74c4406cc662.exe"C:\Users\Admin\AppData\Local\Temp\8b87c1b5329556acd3a837bfec7da79c95cc127119c127c910dd74c4406cc662.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\calc.execalc.exe2⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
492KB