Overview

overview

10

Static

static

3

7bd1fa23c9...c0.exe

windows7-x64

10

7bd1fa23c9...c0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    15/08/2023, 05:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7bd1fa23c92ebdc8003dde67f36b06d32dc5f418f5e9415fbb1f184be6353bc0.exe

  • Size

    5.3MB

  • MD5

    95743ef463825e6fc60b3629b581fc2c

  • SHA1

    70a86e48a9318707ddda90b5645dcb566609a041

  • SHA256

    7bd1fa23c92ebdc8003dde67f36b06d32dc5f418f5e9415fbb1f184be6353bc0

  • SHA512

    2da8d4e67d80469016f0963812f769125ba4b91b93cd825788ca3ab58d05b8f0cfd7a3c9558e650e9cddf6cd191df23aaebaaed3d10b5294e5b2f233c2817ef6

  • SSDEEP

    98304:FNR2TNZO2ZoXYS1Mr8YRYUbMO1RnUEJXzPtPkIFTVoqucg4k+4:FY0MhCMr3uO1Z3JXLtPk8Jjg

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.120.28:4444

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7bd1fa23c92ebdc8003dde67f36b06d32dc5f418f5e9415fbb1f184be6353bc0.exe
    "C:\Users\Admin\AppData\Local\Temp\7bd1fa23c92ebdc8003dde67f36b06d32dc5f418f5e9415fbb1f184be6353bc0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Users\Admin\AppData\Local\Temp\7bd1fa23c92ebdc8003dde67f36b06d32dc5f418f5e9415fbb1f184be6353bc0.exe
      "C:\Users\Admin\AppData\Local\Temp\7bd1fa23c92ebdc8003dde67f36b06d32dc5f418f5e9415fbb1f184be6353bc0.exe"
      2⤵
      • Loads dropped DLL
      PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI25442\VCRUNTIME140.dll
    Filesize

    91KB

    MD5

    7942be5474a095f673582997ae3054f1

    SHA1

    e982f6ebc74d31153ba9738741a7eec03a9fa5e8

    SHA256

    8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

    SHA512

    49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI25442\_ctypes.pyd
    Filesize

    123KB

    MD5

    4786508ffadc542bd677f45af820fdb9

    SHA1

    fc0f7dae6e0d093594e4ff1c293ce004dbd16fd7

    SHA256

    64f5072cd9536418ec0fd4b5c30c13b03cdddced1f9332d4d721c4b37ae3883e

    SHA512

    ad4b0e6883c2f0c003c46b1b85f5fbc2c1f8366a212695b9e47664c8735a30d4c8a3c645b324d3d059582096a1fe78ac1043ba8a639ced0665ef8c5cc33d0b80

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI25442\base_library.zip
    Filesize

    1007KB

    MD5

    ae88a6739fb437fcab7100d2fc93b71f

    SHA1

    7a041c71ec65310e79e22a79f23b8f6b8591bd9f

    SHA256

    b77ef49b5616623f1f55310452fdb99de4c1b95f849bb5ae0b169575755e3132

    SHA512

    6138f69c40fa510ca89feba084d6f71eb32ae135d3c3064bd8fc96f9d75fad743fa6f00a95a94271444a362f8ab1a01738e41b5718dcbe33893835ef1699cdeb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI25442\libffi-7.dll
    Filesize

    32KB

    MD5

    eef7981412be8ea459064d3090f4b3aa

    SHA1

    c60da4830ce27afc234b3c3014c583f7f0a5a925

    SHA256

    f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

    SHA512

    dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI25442\python38.dll
    Filesize

    4.0MB

    MD5

    eec355a6e9586f823a4f12bed11e6c80

    SHA1

    33627398cb32f4fbb162f38f7c277ad5b13a99ba

    SHA256

    560a6a5f8b7afa99600cc47da26a802c342d7f50ffe23850372f2fcf536cd26f

    SHA512

    7b4b3c13383de62a17aa1aafabce657ea5f4aadd716430fcd6e0f3125b773ae1589b3eaa050ccd87b37f6fae2391c5e7a8a229c0b0fa135de8d0269e9752bea0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI25442\VCRUNTIME140.dll
    Filesize

    91KB

    MD5

    7942be5474a095f673582997ae3054f1

    SHA1

    e982f6ebc74d31153ba9738741a7eec03a9fa5e8

    SHA256

    8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

    SHA512

    49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI25442\_ctypes.pyd
    Filesize

    123KB

    MD5

    4786508ffadc542bd677f45af820fdb9

    SHA1

    fc0f7dae6e0d093594e4ff1c293ce004dbd16fd7

    SHA256

    64f5072cd9536418ec0fd4b5c30c13b03cdddced1f9332d4d721c4b37ae3883e

    SHA512

    ad4b0e6883c2f0c003c46b1b85f5fbc2c1f8366a212695b9e47664c8735a30d4c8a3c645b324d3d059582096a1fe78ac1043ba8a639ced0665ef8c5cc33d0b80

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI25442\libffi-7.dll
    Filesize

    32KB

    MD5

    eef7981412be8ea459064d3090f4b3aa

    SHA1

    c60da4830ce27afc234b3c3014c583f7f0a5a925

    SHA256

    f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

    SHA512

    dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI25442\python38.dll
    Filesize

    4.0MB

    MD5

    eec355a6e9586f823a4f12bed11e6c80

    SHA1

    33627398cb32f4fbb162f38f7c277ad5b13a99ba

    SHA256

    560a6a5f8b7afa99600cc47da26a802c342d7f50ffe23850372f2fcf536cd26f

    SHA512

    7b4b3c13383de62a17aa1aafabce657ea5f4aadd716430fcd6e0f3125b773ae1589b3eaa050ccd87b37f6fae2391c5e7a8a229c0b0fa135de8d0269e9752bea0

    Download Submit

  • memory/2672-77-0x00000000026C0000-0x00000000026C1000-memory.dmp

    Filesize

    4KB

    Download