metasploit | e592dd40a4999811016f79f08bc185604be0e69606751f0503dcc43d98248773 | Triage

Analysis

max time kernel
75s
max time network
81s
platform
windows7_x64
resource
win7-20220414-en
submitted
11-05-2022 02:23

Sharing

Report Analysis Logs

General

Target

e592dd40a4999811016f79f08bc185604be0e69606751f0503dcc43d98248773.exe
Size

1.9MB
MD5

f5ad24dda64b4a4601c864c789aa0ff9
SHA1

e1ae3118870daeddbcdacec98649d06f68ff449f
SHA256

e592dd40a4999811016f79f08bc185604be0e69606751f0503dcc43d98248773
SHA512

b3de981cd5593d57103636440075ed78d48308c704f84322aa41d961f9622e44fbc671165099d4dcbbe8ef5cc7dd25bc1e77180574ee88ad4eca217d893cc1bd

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://118.107.41.40:443/Jko8

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

e592dd40a4999811016f79f08bc185604be0e69606751f0503dcc43d98248773.exe

pid	process
1624	e592dd40a4999811016f79f08bc185604be0e69606751f0503dcc43d98248773.exe
1624	e592dd40a4999811016f79f08bc185604be0e69606751f0503dcc43d98248773.exe

C:\Users\Admin\AppData\Local\Temp\e592dd40a4999811016f79f08bc185604be0e69606751f0503dcc43d98248773.exe
"C:\Users\Admin\AppData\Local\Temp\e592dd40a4999811016f79f08bc185604be0e69606751f0503dcc43d98248773.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1624-54-0x0000000076391000-0x0000000076393000-memory.dmp

Filesize
8KB

Download
memory/1624-55-0x00000000007D1000-0x00000000007F6000-memory.dmp

Filesize
148KB

Download