Analysis
-
max time kernel
93s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-12-2024 10:52
General
-
Target
TS-D2E2.exe
-
Size
274KB
-
MD5
2216c09db9c52a9f617121572a2a8401
-
SHA1
c2d95ac92970dbe747b5c856dcb8dade67d1fc48
-
SHA256
5752371ce5738295be58ca571652bc07d8215d0029193c08dc1a83ee9402068c
-
SHA512
5c1d08620113fc1fb6ae7185a11e993e004a7a2af6d2af5671f3f8931df59d8f0591898bb7e7bd78b2d6123c42b2a13fa671f5c821c07a1a74da4ee02f42b0c6
-
SSDEEP
6144:2ax3gjfE0BjgLugseHgCFAGIjvK0ypeFo2LeAOZl7Q6uuj:0MLugseH/VIjvKZ2arDuuj
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/download_exec
C2
http://185.14.28.232:80/jquery-3.3.1.slim.min.js
Attributes
- headers Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\TS-D2E2.exe"C:\Users\Admin\AppData\Local\Temp\TS-D2E2.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB