metasploit | bfb754fae72d258192978d5572128efa2cb5fda2f2707ceffb04a83bde0065e4 | Triage

Analysis

max time kernel
40s
max time network
49s
platform
windows7_x64
resource
win7-20220414-en
submitted
10-05-2022 23:18

Sharing

Report Analysis Logs

General

Target

bfb754fae72d258192978d5572128efa2cb5fda2f2707ceffb04a83bde0065e4.exe
Size

235KB
MD5

ebc89c8dab7004b77351070a741d41af
SHA1

817cb28a043511af178601d9f06c2d8095468113
SHA256

bfb754fae72d258192978d5572128efa2cb5fda2f2707ceffb04a83bde0065e4
SHA512

1e5308bb15afcbc609104ee2143885a28faaf87a88dc7abf9435adeaf7a55054c2bc4122e4d8e91dbe081381d1b214a2212fdccf9b7f806ad1b51ec641841978

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://192.168.1.105:4443/SDuFNWMnRYXg5eHkv4hSIguJjH4g8hPF6EvI0TG5ziAWOah8qj7mNqKHOSO3qi8P9YJd3uZReD-fmnZGbV_K1xvi9kf

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

bfb754fae72d258192978d5572128efa2cb5fda2f2707ceffb04a83bde0065e4.exe

description pid process

Token: SeDebugPrivilege 536 bfb754fae72d258192978d5572128efa2cb5fda2f2707ceffb04a83bde0065e4.exe

C:\Users\Admin\AppData\Local\Temp\bfb754fae72d258192978d5572128efa2cb5fda2f2707ceffb04a83bde0065e4.exe
"C:\Users\Admin\AppData\Local\Temp\bfb754fae72d258192978d5572128efa2cb5fda2f2707ceffb04a83bde0065e4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/536-54-0x00000000003D0000-0x0000000000406000-memory.dmp

Filesize
216KB

Download
memory/536-55-0x00000000004C0000-0x00000000004F4000-memory.dmp

Filesize
208KB

Download
memory/536-56-0x0000000002220000-0x0000000002228000-memory.dmp

Filesize
32KB

Download