metasploit | e9ffa4216e130026bda8fbcabf761b8f378939daf133601b6f3d25ae72393f3b

Analysis

max time kernel
158s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 00:51

Target

e9ffa4216e130026bda8fbcabf761b8f378939daf133601b6f3d25ae72393f3b.exe
Size

50KB
MD5

83f4e4796b55254b4ae0aeb1779bfd34
SHA1

f65ecba954844c5f329f2ac7a6d371b4d627659e
SHA256

e9ffa4216e130026bda8fbcabf761b8f378939daf133601b6f3d25ae72393f3b
SHA512

33e470056ed4a4d3f733700b0ef3cfe631cb3db329477e7a7ad95b56e95853bef01d13db7c4ce7c58a0f3f8ba9ce664e297ef2779e7ae7eb5d8a26e6d27b8d5c
SSDEEP

768:VIHQF1YCzsFmvrPaNqVPJKW3cEoxgtLPILaNilcpXcKpUu5ovyavoc:qw5bzJPYm1P8a82phpUYiya

Score

10^/10

Family

metasploit

Version

encoder/call4_dword_xor

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2256	3592	WerFault.exe	81

C:\Users\Admin\AppData\Local\Temp\e9ffa4216e130026bda8fbcabf761b8f378939daf133601b6f3d25ae72393f3b.exe
"C:\Users\Admin\AppData\Local\Temp\e9ffa4216e130026bda8fbcabf761b8f378939daf133601b6f3d25ae72393f3b.exe"
1⤵
PID:3592
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 572
  2⤵
  - Program crash
  PID:2256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3592 -ip 3592
1⤵
PID:1944

memory/3592-132-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3592-133-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download