Analysis
-
max time kernel
147s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
22-12-2024 12:58
Behavioral task
behavioral1
Sample
2c4657d3134874aa2ca768b75daf1a5ceeabde962123998ec9043aa4c531f8d9.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2c4657d3134874aa2ca768b75daf1a5ceeabde962123998ec9043aa4c531f8d9.exe
Resource
win10v2004-20241007-en
General
-
Target
2c4657d3134874aa2ca768b75daf1a5ceeabde962123998ec9043aa4c531f8d9.exe
-
Size
72KB
-
MD5
94d67dd09b8af18928222e4ed502cb16
-
SHA1
6cf10d00b69c5a3270cf0f14201ea653bae1a556
-
SHA256
2c4657d3134874aa2ca768b75daf1a5ceeabde962123998ec9043aa4c531f8d9
-
SHA512
0632e6e25f301ea496b854653e5a36c46b0106b30fba7784c90271be58776aa0fb62c39e1db90ac8a658dde839ca351f17db0edd8ec8dbcaab82f9824eeb1694
-
SSDEEP
1536:IfizxyZmYxeuofx16zZOMb9fBKYs+OF4Mb+KR0Nc8QsJq3v:bzsZmieuofX6zZ13s+64e0Nc8QsCv
Malware Config
Extracted
metasploit
windows/reverse_tcp
192.168.0.106:5555
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2c4657d3134874aa2ca768b75daf1a5ceeabde962123998ec9043aa4c531f8d9.exe