metasploit | b22d3bb6a0f6661970bfeb1fe03b9cfd148bb3c0b5a7cf7bdd252f5abfc360a7

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
19-05-2022 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0011b9cd240249c3aeb520ea1205eaf1.exe
Size

861KB
MD5

a145be6638603eddb739eddc9404f2e3
SHA1

c38146cbb3c746824c1e827921cdf03bfd19d8a9
SHA256

b22d3bb6a0f6661970bfeb1fe03b9cfd148bb3c0b5a7cf7bdd252f5abfc360a7
SHA512

cf805f5eb3f832fd1fe583a7ceab1e409ea17eb72b6c97076ce8f01c473b67b8bc79d90538338f5a0b398f27f06ffd5e4f99ec0e7f2bae26b98380cf0d529f02

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://npc.xinchen.space:25565/jquery-3.3.1.slim.min.js

http://c=:25565/jquery-3.3.1.slim.min.js

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs

Processes:

0011b9cd240249c3aeb520ea1205eaf1.exe

pid	process
644	0011b9cd240249c3aeb520ea1205eaf1.exe
644	0011b9cd240249c3aeb520ea1205eaf1.exe
644	0011b9cd240249c3aeb520ea1205eaf1.exe
644	0011b9cd240249c3aeb520ea1205eaf1.exe
644	0011b9cd240249c3aeb520ea1205eaf1.exe
644	0011b9cd240249c3aeb520ea1205eaf1.exe
644	0011b9cd240249c3aeb520ea1205eaf1.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

0011b9cd240249c3aeb520ea1205eaf1.exe

description	pid	process	target process
PID 644 wrote to memory of 1664	644	0011b9cd240249c3aeb520ea1205eaf1.exe	svchost.exe
PID 644 wrote to memory of 1664	644	0011b9cd240249c3aeb520ea1205eaf1.exe	svchost.exe
PID 644 wrote to memory of 1664	644	0011b9cd240249c3aeb520ea1205eaf1.exe	svchost.exe
PID 644 wrote to memory of 1664	644	0011b9cd240249c3aeb520ea1205eaf1.exe	svchost.exe
PID 644 wrote to memory of 1664	644	0011b9cd240249c3aeb520ea1205eaf1.exe	svchost.exe

C:\Users\Admin\AppData\Local\Temp\0011b9cd240249c3aeb520ea1205eaf1.exe
"C:\Users\Admin\AppData\Local\Temp\0011b9cd240249c3aeb520ea1205eaf1.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:644

C:\Windows\SysWOW64\svchost.exe
"C:\Windows\System32\svchost.exe"
2⤵
PID:1664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/644-54-0x0000000075BF1000-0x0000000075BF3000-memory.dmp

Filesize
8KB

Download
memory/644-56-0x0000000075A20000-0x0000000075A67000-memory.dmp

Filesize
284KB

Download
memory/644-463-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-464-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-465-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-466-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-467-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-468-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-469-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-470-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-471-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-472-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-473-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-474-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-475-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-477-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-478-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-476-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-479-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-480-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-482-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-481-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-483-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-484-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-485-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-486-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-488-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-487-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-489-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-490-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-491-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-492-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-493-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-494-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-495-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-496-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-497-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-498-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-499-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-500-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-501-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-502-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-503-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-504-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-505-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-506-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-507-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-508-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-509-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-510-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-512-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-511-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-513-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-514-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-515-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-517-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-516-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-518-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-519-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-520-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-521-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-522-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-523-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-524-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-4342-0x0000000000400000-0x00000000004DA000-memory.dmp

Filesize
872KB

Download
memory/644-4344-0x0000000001EC0000-0x0000000002041000-memory.dmp

Filesize
1.5MB

Download
memory/644-4345-0x0000000002170000-0x0000000002281000-memory.dmp

Filesize
1.1MB

Download
memory/644-4346-0x0000000002290000-0x0000000002391000-memory.dmp

Filesize
1.0MB

Download
memory/1664-4341-0x0000000000000000-mapping.dmp

Download