metasploit | 05ff8c32c0a65c53885a78c6bbce98f00e1779739be24149687e18c56af4684b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

05ff8c32c0...b.docm

windows7-x64

05ff8c32c0...b.docm

windows10-2004-x64

Sharing

General

Target

05ff8c32c0a65c53885a78c6bbce98f00e1779739be24149687e18c56af4684b.doc
Size

68KB
Sample

220922-nzyk3abdg8
MD5

de20c0347ea069a7836f182bbd92e71b
SHA1

2b75983707c3acc69bfa86deb85a41074b54920a
SHA256

05ff8c32c0a65c53885a78c6bbce98f00e1779739be24149687e18c56af4684b
SHA512

0aba09b921a65a301652041619d71b1309358b5a980e3e2af48bde951c012cf8825e115a53bb8d125ce09a4ede8f5a1af7f503b00c3a7c4190581edebd4cd54f
SSDEEP

1536:6mncDarFJubeoYse0FB9bPcCASAaLCMI3N6iJ5OhCekS9:9cDw/uXYse0F3dFCRgipep9

Score

10^/10

metasploit backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

05ff8c32c0a65c53885a78c6bbce98f00e1779739be24149687e18c56af4684b.docm

Resource

win7-20220812-en

metasploit backdoor trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

05ff8c32c0a65c53885a78c6bbce98f00e1779739be24149687e18c56af4684b.docm

Resource

win10v2004-20220812-en

metasploit backdoor trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://1.13.23.211:7443/YPGl

Targets

- Target
  
  05ff8c32c0a65c53885a78c6bbce98f00e1779739be24149687e18c56af4684b.doc
- Size
  
  68KB
- MD5
  
  de20c0347ea069a7836f182bbd92e71b
- SHA1
  
  2b75983707c3acc69bfa86deb85a41074b54920a
- SHA256
  
  05ff8c32c0a65c53885a78c6bbce98f00e1779739be24149687e18c56af4684b
- SHA512
  
  0aba09b921a65a301652041619d71b1309358b5a980e3e2af48bde951c012cf8825e115a53bb8d125ce09a4ede8f5a1af7f503b00c3a7c4190581edebd4cd54f
- SSDEEP
  
  1536:6mncDarFJubeoYse0FB9bPcCASAaLCMI3N6iJ5OhCekS9:9cDw/uXYse0F3dFCRgipep9
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan

© 2018-2025

Terms | Privacy