Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2025, 19:13

General

  • Target

    20a01af06e17d1cce126b9d37ff62d95dee45a72a38310db43118913e5742f02.exe

  • Size

    575KB

  • MD5

    a397478690cc72d5fec49904d2ae626c

  • SHA1

    5c60ab8ef078b866be9cbbe278ca4efda6c38f3f

  • SHA256

    20a01af06e17d1cce126b9d37ff62d95dee45a72a38310db43118913e5742f02

  • SHA512

    4e74986ab6f799717b76b8f39a1a7efbde38067b8449970ac51e6f06146dccab513cb4a1fa3ee96cda65eae4fe4c5b9ecbe659fb21951e96755602d2e2e4ee6f

  • SSDEEP

    12288:BRcrK8T20otDfbH1nwk3Ta77Hp0fWAUmBMmylc9vYFLSqoCy:BF420otlTh9vYFLSqoCy

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://10.0.0.128:8899/OAxT

Attributes
  • headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; NP06)

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family

Processes

  • C:\Users\Admin\AppData\Local\Temp\20a01af06e17d1cce126b9d37ff62d95dee45a72a38310db43118913e5742f02.exe
    "C:\Users\Admin\AppData\Local\Temp\20a01af06e17d1cce126b9d37ff62d95dee45a72a38310db43118913e5742f02.exe"
    1⤵
      PID:1920

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1920-0-0x00000000000D0000-0x00000000000D1000-memory.dmp

      Filesize

      4KB

    • memory/1920-1-0x000000013FDA0000-0x000000013FE29000-memory.dmp

      Filesize

      548KB