Analysis
- max time kernel: 125s
- max time network: 127s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-06-2024 00:06
Static task: static1
Behavioral task: behavioral1
- Sample: 29c4f7618e72214116ae6e7c578a4dc9.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 29c4f7618e72214116ae6e7c578a4dc9.exe
- Resource: win10v2004-20240508-en
General
- Target: 29c4f7618e72214116ae6e7c578a4dc9.exe
- Size: 14KB
- MD5: 29c4f7618e72214116ae6e7c578a4dc9
- SHA1: 0e7e98f7705566e1c7a4bd41222d166b18236808
- SHA256: 1dddbe35f087419bed5effd4ac7b9cacb4be3d6f8239b7650cf81b2a01b2b369
- SHA512: 42cb857b3906e500bd9498685fc57dc21ce9417efe7fba200ea6010449803962bb8ff7700288f1d524bfcab95ada74ed0cdec3fc08ffe9cd3ee320bc332f9da8
- SSDEEP: 192:AWH+DgGK83SxHn2OQ/dmBI4KBfTgir+xzK7NRxbqUqV/Qjo7AGa:Ai+kGKqbOCdWIVBff+xz4NRtfCXAn
Malware Config
Extracted:
- metasploit
- windows/download_exec
- http://120.78.7.92:8443DogCsDogCs.js
Signatures
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Processes
- C:\Users\Admin\AppData\Local\Temp\29c4f7618e72214116ae6e7c578a4dc9.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\29c4f7618e72214116ae6e7c578a4dc9.exe" 1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4256,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=1304 /prefetch:8 1