General
-
Target
502d52f0467cec572952fb7910085831bc4389bbfc20efac172974d53d68b90e
-
Size
35KB
-
Sample
240628-1kmw8swcjj
-
MD5
b19a3cdfcac38edc090d9f3fa58376f7
-
SHA1
1cacde908adb23121ed819f67f7b50f39338e3e5
-
SHA256
502d52f0467cec572952fb7910085831bc4389bbfc20efac172974d53d68b90e
-
SHA512
7dace34e74f8378c0a4850270f5848f76b06b89e90670902d7f1d7d117e6dd5c80660a7d12c17e0712d3ae3d7b59feb2305a1520ebdc2c51f0565e8849dd635b
-
SSDEEP
384:/eSOBiSsqdg1vA9WgMzyBZmy7Co3MA0jD+petJ/:/eSOr+1o9szyBZF33BS+p
Behavioral task
behavioral1
Sample
502d52f0467cec572952fb7910085831bc4389bbfc20efac172974d53d68b90e.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
502d52f0467cec572952fb7910085831bc4389bbfc20efac172974d53d68b90e.doc
Resource
win10v2004-20240611-en
Malware Config
Extracted
metasploit
windows/reverse_http
http://192.168.45.200:443/2kUiQG9O7eD1N_Q2k0lR-AtQbMVa_3Zr57FdKvxOYNK5Rqu0bJ83GE-kqCNNr3t63PHcw0D_tl4EuaYcqaButOTtC0ioHb9hy9fmn62HmWypPIyPjo9csBJkk1Ra-D5OKgOSSuE1YStApTwHpY3j6U
Targets
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-