Overview

overview

10

Static

static

college.exe

windows10-1703-x64

10

Analysis

  • max time kernel
    25s
  • max time network
    28s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18-09-2022 16:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    college.exe

  • Size

    472KB

  • MD5

    c69f94a227bcd9c6aad0fb47a70206be

  • SHA1

    45c381723f533255e1fe202a8164f27560bb512a

  • SHA256

    565d5e1f67309d3864cb01a29a3b043485f05e55858a04cfcef9a1d35988f797

  • SHA512

    3cae1dd987f28a716472b424f8e3f3b7061386fd5ecc30f3e6c8e5ad5cf80b3ce234272a821bfbe657c8384378605aef0697f85187e6733189d81751965ce7c3

  • SSDEEP

    6144:y61E/QSnxoEMTlXEulocICldtWkbnVMALgQuDLZ8HB:y6ErxJMTtEul8Cldt3bVMtQELZ8HB

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

45.79.121.251:1234

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\college.exe
    "C:\Users\Admin\AppData\Local\Temp\college.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Users\Admin\AppData\Local\Temp\hacker.exe
      "C:\Users\Admin\AppData\Local\Temp\hacker.exe"
      2⤵
      • Executes dropped EXE
      PID:4140

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hacker.exe
    Filesize

    72KB

    MD5

    9ac0e035454a71e188d83ad4ba2db9e2

    SHA1

    3e07611cfe5dc0ac3b57641eba2db27a20c960e3

    SHA256

    c35d530cbc034f9a6760fc8c172c76fdaf468b87a7d7c956fbc19687523f7ac3

    SHA512

    ffd650e05475ab3d3da485c90baa72889a432128f5152416da6b632ab69eb65308ee4702b3b2156651f23b77259ae99c677ed909c5c56dfc178251e31c1071c1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hacker.exe
    Filesize

    72KB

    MD5

    9ac0e035454a71e188d83ad4ba2db9e2

    SHA1

    3e07611cfe5dc0ac3b57641eba2db27a20c960e3

    SHA256

    c35d530cbc034f9a6760fc8c172c76fdaf468b87a7d7c956fbc19687523f7ac3

    SHA512

    ffd650e05475ab3d3da485c90baa72889a432128f5152416da6b632ab69eb65308ee4702b3b2156651f23b77259ae99c677ed909c5c56dfc178251e31c1071c1

    Download Submit

  • memory/2068-120-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-121-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-122-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-123-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-125-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-126-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-128-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-129-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-130-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-131-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-132-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-133-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-134-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-135-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-136-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-137-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-138-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-140-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-139-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-141-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-142-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-143-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-144-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-145-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-146-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-147-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-148-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-149-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-150-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-151-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-152-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-153-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-154-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-155-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-156-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-157-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-158-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-159-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-160-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-161-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-162-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-163-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-164-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-165-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-166-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-167-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-168-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-169-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-170-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-171-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-172-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-173-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-174-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-175-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-176-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-177-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-178-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-179-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-180-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-181-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-182-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-183-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-184-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2068-185-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4140-191-0x0000000000000000-mapping.dmp

    Download