metasploit | 11ea03b8c99fafb3c5bdc506918118202294fd8afe2b1880f813ed0f09434b1c

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
20/07/2023, 11:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Powerfull-fud.exe
Size

1.8MB
MD5

bd22f2cc28952149865f1cad07fce151
SHA1

d2d5c6d8e96f8d482d699cebc41f26c36133b4d0
SHA256

11ea03b8c99fafb3c5bdc506918118202294fd8afe2b1880f813ed0f09434b1c
SHA512

236e23049a810b9fce895ba08188767885ceff68082ee8572673c80558694c8c2df2f0791d8069b89797225b6ec5a775dae818f7fae616eac535cf99a666c067
SSDEEP

49152:9anUJUDYfzKQKzbbKXQDtNH/NjA9DJWjn076c:9anZ0zAEa/VA7/2c

Score

10^/10

metasploit backdoor trojan upx

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

74.207.240.21:9289

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2184-54-0x000000013F0E0000-0x000000013F345000-memory.dmp	upx
behavioral1/memory/2184-55-0x000000013F0E0000-0x000000013F345000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1296	2184	WerFault.exe	27

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1296	2184	Powerfull-fud.exe	29
PID 2184 wrote to memory of 1296	2184	Powerfull-fud.exe	29
PID 2184 wrote to memory of 1296	2184	Powerfull-fud.exe	29

C:\Users\Admin\AppData\Local\Temp\Powerfull-fud.exe
"C:\Users\Admin\AppData\Local\Temp\Powerfull-fud.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2184 -s 40
  2⤵
  - Program crash
  PID:1296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2184-54-0x000000013F0E0000-0x000000013F345000-memory.dmp

Filesize
2.4MB

Download
memory/2184-55-0x000000013F0E0000-0x000000013F345000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads