metasploit | 0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf

Analysis

max time kernel
128s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2022 05:44

Target

0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf.exe
Size

5.1MB
MD5

cd672c7ba4c52f344deb51e93d629640
SHA1

6e599f3fa6293f6933f6007c2b03912514cf75cd
SHA256

0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf
SHA512

6606d1a2578a2e5585e4951cf5c7efa1e400a040ced6d72cc917454d56625e7f218274ec4c0e2496cd141b205f7103573a057d882a4dd62878a251bf3392316a
SSDEEP

98304:OpZJ27oEqTbDTzuSP+VWuONh9uhqeLJRo8OiqPP0u3FuPNM2UzlzU9V2MwZX8CMS:y27oEqrTwVWuwEhNEZpX0u30PpUzlzwa

Score

10^/10

Family

metasploit

Version

encoder/shikata_ga_nai

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.9.142:4444

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral2/memory/736-132-0x0000000000400000-0x0000000000C89000-memory.dmp	vmprotect
behavioral2/memory/736-134-0x0000000000400000-0x0000000000C89000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf.exe

C:\Users\Admin\AppData\Local\Temp\0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf.exe
"C:\Users\Admin\AppData\Local\Temp\0e572eefcf64961fb0815ca83f45a2001ba78a704b454e997618cc88120325cf.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:736

memory/736-132-0x0000000000400000-0x0000000000C89000-memory.dmp

Filesize
8.5MB

Download
memory/736-134-0x0000000000400000-0x0000000000C89000-memory.dmp

Filesize
8.5MB

Download