metasploit | 5ffcefa959fec4defadc9616e63b73502fd6873f14abdce4b8fa95667b21f34e

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2023 07:57

Target

5ffcefa959fec4defadc9616e63b73502fd6873f14abdce4b8fa95667b21f34e.exe
Size

3.6MB
MD5

1dfc7c9295e37d5fce9deadf22a3d0d2
SHA1

bfec82762df22ccd2540813bc7cb89f57d8ce1c1
SHA256

5ffcefa959fec4defadc9616e63b73502fd6873f14abdce4b8fa95667b21f34e
SHA512

1b7910e492d4319e9f18db337ba470e055e393ac8264d4530be60673d82dae1b7069c7a69977cf229efbe37cb4c9dcd2a9af917d8c6c7eef117149628f7d92ac
SSDEEP

98304:MllEtuUuVOLnvzARcehASNY6hrLOuWeN5KjIJNpO0bb:KML8RvASbhrquWeswO0

Score

10^/10

Family

metasploit

Version

metasploit_stager

172.19.96.147:10000

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
behavioral2/memory/1608-0-0x0000000140000000-0x00000001409A16B1-memory.dmp	themida
behavioral2/memory/1608-1-0x0000000140000000-0x00000001409A16B1-memory.dmp	themida

C:\Users\Admin\AppData\Local\Temp\5ffcefa959fec4defadc9616e63b73502fd6873f14abdce4b8fa95667b21f34e.exe
"C:\Users\Admin\AppData\Local\Temp\5ffcefa959fec4defadc9616e63b73502fd6873f14abdce4b8fa95667b21f34e.exe"
1⤵
PID:1608

memory/1608-0-0x0000000140000000-0x00000001409A16B1-memory.dmp

Filesize
9.6MB

Download
memory/1608-1-0x0000000140000000-0x00000001409A16B1-memory.dmp

Filesize
9.6MB

Download