Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
22-12-2024 09:45
Static task
static1
Behavioral task
behavioral1
Sample
32c6cd5e900fa9120ba97e38c63cb0941974751a074b24ead6a8795b7991535b.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
32c6cd5e900fa9120ba97e38c63cb0941974751a074b24ead6a8795b7991535b.exe
Resource
win10v2004-20241007-en
General
-
Target
32c6cd5e900fa9120ba97e38c63cb0941974751a074b24ead6a8795b7991535b.exe
-
Size
14KB
-
MD5
7ecf7986429d8d8a7f432f5933419516
-
SHA1
cd5839613c04186c4cf4ce01c77ddd08d5e3360e
-
SHA256
32c6cd5e900fa9120ba97e38c63cb0941974751a074b24ead6a8795b7991535b
-
SHA512
742dfa66695ad060e8f9339f5f08fb1a068bed0ec42bde3c6c53edb22dad7265fe3f6a40dc751281144c30a1898ba5d8d8d57931bc93fb3feedd4cf9c694db2e
-
SSDEEP
192:I3mbPYCfMcrfOIuZmvKQxtzlSIVX6NO9+IgNejDMN1:nMCfrfQ6tBSI6hNeUN1
Malware Config
Extracted
metasploit
windows/download_exec
http://192.168.65.152:80/JNyK
- headers User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 32c6cd5e900fa9120ba97e38c63cb0941974751a074b24ead6a8795b7991535b.exe