metasploit | 0daa391a7ced1527a38b7bfcbbe9998d19fc6b9aab60d3bfdcf3f13d9df1859b | Triage

Analysis

max time kernel
95s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
29-05-2022 16:41

Sharing

Report Analysis Logs

General

Target

0daa391a7ced1527a38b7bfcbbe9998d19fc6b9aab60d3bfdcf3f13d9df1859b.exe
Size

2.3MB
MD5

5b3685025d690e226948be017a1d4aee
SHA1

100628a63e150c4a7d30b89068037b66269981ec
SHA256

0daa391a7ced1527a38b7bfcbbe9998d19fc6b9aab60d3bfdcf3f13d9df1859b
SHA512

390e301b7c6c3276f8b91285c390ea46b0443e5b64209f9d83e40b2f40e03091d8834020424a005882b06c7b12ebdde3fc62d04c638446083dbc37c834653121

Score

10^/10

metasploit backdoor trojan upx

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

165.22.98.128:1123

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/4780-130-0x0000000000400000-0x000000000075D000-memory.dmp	upx

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4024 4780 WerFault.exe 0daa391a7ced1527a38b7bfcbbe9998d19fc6b9aab60d3bfdcf3f13d9df1859b.exe

C:\Users\Admin\AppData\Local\Temp\0daa391a7ced1527a38b7bfcbbe9998d19fc6b9aab60d3bfdcf3f13d9df1859b.exe
"C:\Users\Admin\AppData\Local\Temp\0daa391a7ced1527a38b7bfcbbe9998d19fc6b9aab60d3bfdcf3f13d9df1859b.exe"
1⤵
PID:4780

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4780 -s 176
2⤵
- Program crash
PID:4024

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 448 -p 4780 -ip 4780
1⤵
PID:3392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4780-130-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download