metasploit | d2830c494cbcc609d0a43beaeceb6140dfd5c49f9b6b4059ad2e6c1d1d48545c | Triage

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
08-07-2022 18:00

Sharing

Report Analysis Logs

General

Target

d2830c494cbcc609d0a43beaeceb6140dfd5c49f9b6b4059ad2e6c1d1d48545c.exe
Size

8KB
MD5

d4f133f02ca02739e373cbc8f0826691
SHA1

ea30e89f0c838858675aa1e5015f8c580ff9c713
SHA256

d2830c494cbcc609d0a43beaeceb6140dfd5c49f9b6b4059ad2e6c1d1d48545c
SHA512

5ce434adffde5b3745f8fa97a9d10933672fe2949c1a039fdc253b8e1c09559e3cb40c0996395c414d5f708002044a05472c71eeb8618d832e80231439f6c870

Score

10^/10

metasploit backdoor trojan upx

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://193.37.215.110:801/iALf

Attributes

headers User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0)

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2120-130-0x0000000000400000-0x000000000040D000-memory.dmp	upx
behavioral2/memory/2120-131-0x0000000000400000-0x000000000040D000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\d2830c494cbcc609d0a43beaeceb6140dfd5c49f9b6b4059ad2e6c1d1d48545c.exe
"C:\Users\Admin\AppData\Local\Temp\d2830c494cbcc609d0a43beaeceb6140dfd5c49f9b6b4059ad2e6c1d1d48545c.exe"
1⤵
PID:2120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2120-130-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2120-131-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download