Overview

overview

10

Static

static

1

e8b954d8d0...6b.exe

windows7-x64

10

e8b954d8d0...6b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    84s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/03/2023, 15:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e8b954d8d0eabae788688e5c4e5b9152f75cf7810ecf738054a84a9770f6a26b.exe

  • Size

    622KB

  • MD5

    e4656c10d7494ec4f285a7d226ff4082

  • SHA1

    8c26bc79527fec0d772513959eba5c2399e4e232

  • SHA256

    e8b954d8d0eabae788688e5c4e5b9152f75cf7810ecf738054a84a9770f6a26b

  • SHA512

    968a59ff8d8ad7bc6c24cdbafe931adcdbe8b7c324a49b6b91f3bcf53eff169f13800bf1a2ed9046f3f279af1221ea559dbf952424bd3e613c4c9eaf42ba1f8f

  • SSDEEP

    12288:YAM6uBkzpbg7fk2okCA6D4KuKluYpK20VF/PWU:F9WOKbkqWD4KZ/92OU

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://185.150.117.189:80/wp-includes/link.mp3

Attributes
  • headers Host: vpnupdaters.com Connection: close User-Agent: Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8b954d8d0eabae788688e5c4e5b9152f75cf7810ecf738054a84a9770f6a26b.exe
    "C:\Users\Admin\AppData\Local\Temp\e8b954d8d0eabae788688e5c4e5b9152f75cf7810ecf738054a84a9770f6a26b.exe"
    1⤵
      PID:4616
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 1292
        2⤵
        • Program crash
        PID:1728
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4616 -ip 4616
      1⤵
        PID:1712

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4616-133-0x0000000002220000-0x0000000002221000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4616-134-0x0000000002280000-0x0000000002285000-memory.dmp

        Filesize

        20KB

        Download

      • memory/4616-135-0x0000000002530000-0x0000000002531000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4616-136-0x00000000038E0000-0x0000000003CE0000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/4616-137-0x0000000000400000-0x00000000004A1000-memory.dmp

        Filesize

        644KB

        Download