metasploit | 3353325c1e7793113e703dde8eb59fd95a6b3bd8b9412fd861f1415af4b3ffa0

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 08:13

Target

3353325c1e7793113e703dde8eb59fd95a6b3bd8b9412fd861f1415af4b3ffa0.exe
Size

416KB
MD5

1c899730d4b08554daf3c2e0a75a7f3a
SHA1

3bfb20580f1c6d61b12688a8df5943f315fc18dd
SHA256

3353325c1e7793113e703dde8eb59fd95a6b3bd8b9412fd861f1415af4b3ffa0
SHA512

2cac01881456c9e78d3e76cabb4b18fc108a8a5a6c884692bc34c4c2806c31cfd3bcd65c7cf5e178e0ac65f40bf6f88c41ec50e0a8bff3fde7aa092273277e85
SSDEEP

12288:pbWm23htV4dEvM7IF7MwvFg5exc9X2qijc3rdtT:pbWm2336EvYGtg5ALqb

Score

10^/10

Family

metasploit

Version

encoder/shikata_ga_nai

Family

metasploit

Version

windows/shell_reverse_tcp

79.138.104.162:443

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/900-55-0x00000000000C0000-0x00000000002C8000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\3353325c1e7793113e703dde8eb59fd95a6b3bd8b9412fd861f1415af4b3ffa0.exe
"C:\Users\Admin\AppData\Local\Temp\3353325c1e7793113e703dde8eb59fd95a6b3bd8b9412fd861f1415af4b3ffa0.exe"
1⤵
PID:900

memory/900-54-0x0000000075571000-0x0000000075573000-memory.dmp

Filesize
8KB

Download
memory/900-55-0x00000000000C0000-0x00000000002C8000-memory.dmp

Filesize
2.0MB

Download