Analysis

  • max time kernel
    117s
  • max time network
    109s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/10/2022, 02:56

General

  • Target

    b73ebfcc8d932795d863e029395997c3f9a985d198737f38ccfd428eb6f1446d.exe

  • Size

    151KB

  • MD5

    cc660caa2eda560c73609a71e25e2903

  • SHA1

    01423810934fccf85572863e38d00f5b910b8c6e

  • SHA256

    b73ebfcc8d932795d863e029395997c3f9a985d198737f38ccfd428eb6f1446d

  • SHA512

    16b0cf44489a9a7dda5b923ca97c388a0a86f419ce96c4d027e7d9aea74cc3ec5338b483d3713afd132cf0f33ee2dfa0e024da93932df7068443ba9ee6dc1f7b

  • SSDEEP

    3072:xzFPl85yWm66s151dwDEPPmfMTPw7KpKT9xdJ+96:xzNySoZdwaAMTwWl9

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

54.83.198.76:443

Signatures

  • MetaSploit

    Detected a malicious payload that is part of the Metasploit Framework, most likely generated with msfvenom or a similar tool.

  • Executes dropped EXE 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
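The C2 in the extracted config above comes from how the windows/shell_reverse_tcp stager sets up its connection: it builds the sockaddr_in on the stack with two immediate pushes, `push <ipv4>` followed by `push <AF_INET | port>`, so the address and port appear as fixed bytes once the shellcode is decoded. The Python below is an added example, not part of this report or of the sandbox's extractor, that scans a buffer for that push sequence and reports the ip:port pairs it finds. Because this sample is wrapped in encoder/shikata_ga_nai, the pattern is only visible after the decoder stub has run, i.e. in a memory dump such as the ones listed under Downloads, not in the file on disk; the byte buffer in the block is constructed for illustration and is not taken from the sample.

```python
import re
import socket
import struct

# Instruction sequence from Metasploit's x86 reverse_tcp stager (set_address):
#   push <ipv4 in network byte order>  -> 68 xx xx xx xx
#   push <AF_INET | port>              -> 68 02 00 pp pp   (port big-endian in the high word)
# The "." wildcards match raw bytes, so re.DOTALL is required.
SOCKADDR_PUSH = re.compile(rb"\x68(.{4})\x68\x02\x00(.{2})", re.DOTALL)


def find_reverse_tcp_c2(blob: bytes) -> list:
    """Return every ip:port pair encoded as a reverse_tcp sockaddr push in blob."""
    hits = []
    for match in SOCKADDR_PUSH.finditer(blob):
        ip = socket.inet_ntoa(match.group(1))
        (port,) = struct.unpack(">H", match.group(2))
        hits.append(f"{ip}:{port}")
    return hits


def build_sockaddr_stub(ip: str, port: int) -> bytes:
    """Emit the two pushes exactly as the stager would, for building test buffers."""
    return b"\x68" + socket.inet_aton(ip) + b"\x68\x02\x00" + struct.pack(">H", port)


# Constructed stand-in for a decoded stager fragment (not bytes from the sample):
# the usual cld / call / pushad / mov ebp,esp prologue, the retry counter push,
# the sockaddr pushes for the C2 reported above, then mov esi,esp.
SAMPLE_DECODED = (
    b"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5"      # cld; call; pushad; mov ebp, esp
    + b"\x6a\x0a"                                # push byte 10   (retry counter)
    + build_sockaddr_stub("54.83.198.76", 443)   # push ip; push AF_INET|port
    + b"\x89\xe6"                                # mov esi, esp   (pointer to sockaddr)
)

# A still-encoded buffer shows nothing: shikata_ga_nai XORs the stager, so the
# pushes only exist after the decoder loop has rewritten them in memory.
SAMPLE_ENCODED = bytes(b ^ 0x5A for b in SAMPLE_DECODED)

if __name__ == "__main__":
    print("decoded :", find_reverse_tcp_c2(SAMPLE_DECODED))
    print("encoded :", find_reverse_tcp_c2(SAMPLE_ENCODED))
```

Run it against the memory/1492-54 and memory/1388-61 dumps (`find_reverse_tcp_c2(open(path, "rb").read())`) to confirm the C2 independently of the sandbox's own config extractor; a hit in a dump but not in the dropped file is exactly what an encoded payload looks like.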

Processes

  • C:\Users\Admin\AppData\Local\Temp\b73ebfcc8d932795d863e029395997c3f9a985d198737f38ccfd428eb6f1446d.exe
    "C:\Users\Admin\AppData\Local\Temp\b73ebfcc8d932795d863e029395997c3f9a985d198737f38ccfd428eb6f1446d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Users\Admin\AppData\Local\Temp\Notepad.exe
      "C:\Users\Admin\AppData\Local\Temp\Notepad.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1776
    • C:\Users\Admin\AppData\Local\Temp\dialogbox.exe
      "C:\Users\Admin\AppData\Local\Temp\dialogbox.exe"
      2⤵
      • Executes dropped EXE
      PID:1388

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\Notepad.exe

    Filesize

    207KB

    MD5

    231a32342ecf5c86af5aca41bcdd3aef

    SHA1

    4293f73039898e482784868ad50573baa69328b9

    SHA256

    8b0898b30ea74f7b88fd0625bfaadb755c118ae58da7e1f6a0c298f6612ded04

    SHA512

    2014488f5499004d7109f86d9b7b040bbe5a97fa32a78197302ff1183bce0cb47d239ac7bd6972372f3223edb0a452e603635581b8d5d7feccadb862b122c125

  • C:\Users\Admin\AppData\Local\Temp\dialogbox.exe

    Filesize

    7KB

    MD5

    91fb5483f9d682cce0cf8d995d33ee2c

    SHA1

    46ce4f8c574d646feae76493933dc580bf9f0fec

    SHA256

    bd79234e1a54031bc125e8867156f1c63354576d4e72f9ee907cb7fa9f32a3ae

    SHA512

    738f8c4150ba40e2837c8dbd84d5b67c5b6c32ea2a536d124df9c0a1ef7016d5f01eac703daf984fc6448d56a0eb4a89a434c543bafa18e00eb91bd3ea17820f


  • memory/1388-61-0x0000000000FF0000-0x0000000000FF8000-memory.dmp

    Filesize

    32KB

  • memory/1388-62-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

    Filesize

    8KB

  • memory/1492-54-0x0000000001080000-0x00000000010AC000-memory.dmp

    Filesize

    176KB

  • memory/1492-55-0x000007FEFC5A1000-0x000007FEFC5A3000-memory.dmp

    Filesize

    8KB