metasploit | 117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad

General

Target

117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe
Size

200KB
MD5

8f3dacfa466cb6d04c3aa57c1e080568
SHA1

e92b4b6cdf20a8b6e94fbe323ef291ab404891b9
SHA256

117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad
SHA512

93ac418a733527090e8df76078dfe62901774535d903c5e5b799139108d7b0ff75c9776106674fbc81ed46912b0dc1e52e3a4f294018ff10251eaf9ff76cd410

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of SetThreadContext 1 IoCs

Processes:

117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe

description	pid	process	target process
PID 700 set thread context of 1488	700	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe

pid process

700 117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe

pid	process
700	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe

description	pid	process	target process
PID 700 wrote to memory of 1488	700	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe
PID 700 wrote to memory of 1488	700	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe
PID 700 wrote to memory of 1488	700	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe
PID 700 wrote to memory of 1488	700	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe
PID 700 wrote to memory of 1488	700	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe
PID 700 wrote to memory of 1488	700	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe
PID 700 wrote to memory of 1488	700	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe
PID 700 wrote to memory of 1488	700	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe
PID 700 wrote to memory of 1488	700	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe
PID 700 wrote to memory of 1488	700	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe	117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe

C:\Users\Admin\AppData\Local\Temp\117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe
"C:\Users\Admin\AppData\Local\Temp\117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:700

C:\Users\Admin\AppData\Local\Temp\117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe
"C:\Users\Admin\AppData\Local\Temp\117e78ac2b086f84ddb1f923d7099270d733938f49b0d600cc1d7a8d4b56e7ad.exe"
2⤵
PID:1488

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1488-56-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1488-57-0x0000000000409D25-mapping.dmp

Download

Analysis

Sharing