Analysis
-
max time kernel
94s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
22-12-2024 08:30
Behavioral task
behavioral1
Sample
2c257c41a2ea9d6dd1ce1fbb1de39406a750b615425ea99a557fa27c5c8c4059.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2c257c41a2ea9d6dd1ce1fbb1de39406a750b615425ea99a557fa27c5c8c4059.exe
Resource
win10v2004-20241007-en
General
-
Target
2c257c41a2ea9d6dd1ce1fbb1de39406a750b615425ea99a557fa27c5c8c4059.exe
-
Size
654KB
-
MD5
f8ab8443ee9846cfa8d4303d5eb6ae9a
-
SHA1
c1dd2362aae699b0ec1ac47d9807da9916416cab
-
SHA256
2c257c41a2ea9d6dd1ce1fbb1de39406a750b615425ea99a557fa27c5c8c4059
-
SHA512
ec876cc2551b1ac251e998b70b5ff57795ea3f95e78ca7631d0a4fc619a2296cc8540be85936f43d0e8d77f9e18f66747185bc3f18aad6ea9e1566e1c3938e73
-
SSDEEP
12288:gQIGHk1all1uPv/QjX/XEDw2D8/ZoUFS9T4cDwusoDzge3e:gQfhj1uX/Qb/XEc2oZ18J4owutDz3e
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/shell_reverse_tcp
192.168.0.56:443
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
resource yara_rule behavioral2/memory/4032-0-0x0000000000400000-0x00000000005D8000-memory.dmp upx