Overview

overview

10

Static

static

10

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    83s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/04/2023, 04:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    7KB

  • MD5

    438604048d5b9e758bbe4359e77f3116

  • SHA1

    e9315c8b43dba96c100036de00d52285cc3da26c

  • SHA256

    aa8d6d19ef8a9fb00ae9116d08e39ec448655d5d9a0231e3ee6482c4e2402ff3

  • SHA512

    d0b83ba7854d3adc5567134d26348082f6d3a79ebcd3710674b97436784bbf174c083d95ab0f8d2947c323660d036a393f0bd6ba36707fd4dba397ed8da9631c

  • SSDEEP

    24:eFGStrJ9u0/6FY6AnZd0BQAVCrSJmA+hfbN+U4gSYCwMpmB:is0fr0BQRQVIDNgwPB

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
      PID:8
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 8 -s 144
        2⤵
        • Program crash
        PID:3196
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -pss -s 188 -p 8 -ip 8
      1⤵
        PID:3516

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/8-133-0x0000000140000000-0x0000000140004300-memory.dmp

        Filesize

        16KB

        Download