Analysis
-
max time kernel
91s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
30/12/2024, 02:05
General
-
Target
coba186.exe
-
Size
256KB
-
MD5
b08152a9426f1453e466d4026fc6d1db
-
SHA1
93e3defbf52344e05ea4e0cb63373f8f5fa2c3f7
-
SHA256
c8e5dc8cf704b2c8f339ac43610d8c20d3d00fd8f1a3296cb288f644236d9583
-
SHA512
fdd2de24b673deeb3e58569d802213bba7aeccd7699d5edafafb6d96ca7c5116b4803c4c9b57994678a57d8aa66a7ccbda7b366a7b336385a0e2fd4bc0adb9df
-
SSDEEP
6144:mK/BF7FuCc1XWSMO1YWTDDRLJtiqAiveAONCyh2Dst:mQBuCc1XlMO1YWTnBiqAiGXCyYs
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
windows/download_exec
C2
http://217.12.218.46:80/1tjM
Attributes
- headers User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\coba186.exe"C:\Users\Admin\AppData\Local\Temp\coba186.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB