metasploit | 3eb786e3580c5769a3ca9ffb93a38f41712b84774ec40432b11aa522061f24bb

Analysis

max time kernel
141s
max time network
133s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
24/08/2023, 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3eb786e3580c5769a3ca9ffb93a38f41712b84774ec40432b11aa522061f24bb.exe
Size

527KB
MD5

16573eed2efc2fe0d699e2ea7069917b
SHA1

8bdc21400cfec085451e23dcf6aa29a2c35c399b
SHA256

3eb786e3580c5769a3ca9ffb93a38f41712b84774ec40432b11aa522061f24bb
SHA512

b62217294f4738c9e9f796d19080cb4dd6b0cb2a53d3c9d4c77a8eabc4b0087e4ee967922758737e53ab250742288cb9cd6a21f9e6e2f2044d875c5d7a5aa93c
SSDEEP

12288:qstjgayIDpGzrw/Kz6q0Qqf7YPhkp+VdcLpIC1uDOdKDf9FJ:Fjg5WpGzrw8iLY5kp+VdcL6coDf9X

Score

10^/10

metasploit backdoor trojan upx

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

43.163.204.20:54444

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1912-0-0x0000000000E80000-0x0000000001020000-memory.dmp	upx
behavioral1/memory/1912-1-0x0000000000E80000-0x0000000001020000-memory.dmp	upx
behavioral1/memory/1912-6-0x0000000000E80000-0x0000000001020000-memory.dmp	upx
behavioral1/memory/1912-52-0x0000000000E80000-0x0000000001020000-memory.dmp	upx
behavioral1/memory/1912-64-0x0000000000E80000-0x0000000001020000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\3eb786e3580c5769a3ca9ffb93a38f41712b84774ec40432b11aa522061f24bb.exe
"C:\Users\Admin\AppData\Local\Temp\3eb786e3580c5769a3ca9ffb93a38f41712b84774ec40432b11aa522061f24bb.exe"
1⤵
PID:1912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1912-0-0x0000000000E80000-0x0000000001020000-memory.dmp

Filesize
1.6MB

Download
memory/1912-1-0x0000000000E80000-0x0000000001020000-memory.dmp

Filesize
1.6MB

Download
memory/1912-6-0x0000000000E80000-0x0000000001020000-memory.dmp

Filesize
1.6MB

Download
memory/1912-7-0x0000000000910000-0x0000000000911000-memory.dmp

Filesize
4KB

Download
memory/1912-9-0x0000000000C10000-0x0000000000C49000-memory.dmp

Filesize
228KB

Download
memory/1912-8-0x0000000000BD0000-0x0000000000C02000-memory.dmp

Filesize
200KB

Download
memory/1912-14-0x0000000000C10000-0x0000000000C49000-memory.dmp

Filesize
228KB

Download
memory/1912-15-0x0000000000C10000-0x0000000000C49000-memory.dmp

Filesize
228KB

Download
memory/1912-22-0x0000000047A00000-0x0000000047A6B000-memory.dmp

Filesize
428KB

Download
memory/1912-23-0x00000000476F0000-0x00000000477F0000-memory.dmp

Filesize
1024KB

Download
memory/1912-29-0x0000000000C10000-0x0000000000C49000-memory.dmp

Filesize
228KB

Download
memory/1912-44-0x0000000000920000-0x0000000000949000-memory.dmp

Filesize
164KB

Download
memory/1912-45-0x00000000476F0000-0x00000000477F0000-memory.dmp

Filesize
1024KB

Download
memory/1912-51-0x0000000000C10000-0x0000000000C49000-memory.dmp

Filesize
228KB

Download
memory/1912-52-0x0000000000E80000-0x0000000001020000-memory.dmp

Filesize
1.6MB

Download
memory/1912-53-0x0000000000BD0000-0x0000000000C02000-memory.dmp

Filesize
200KB

Download
memory/1912-54-0x00000000476F0000-0x00000000477F0000-memory.dmp

Filesize
1024KB

Download
memory/1912-55-0x00000000476F0000-0x00000000477F0000-memory.dmp

Filesize
1024KB

Download
memory/1912-64-0x0000000000E80000-0x0000000001020000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads