Overview

overview

10

Static

static

3

sf-djcdn2096.exe

windows7-x64

10

sf-djcdn2096.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    160s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/10/2023, 20:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    sf-djcdn2096.exe

  • Size

    11.4MB

  • MD5

    e32d53c04e73d46816bf05af8b5be9ac

  • SHA1

    8f71e811c1da3b6af4c5828b54a60ce5a0cd7d4b

  • SHA256

    04c2cedb188251ddcbed98ccd0c99d727d1b52d949e27272c618d1981d170094

  • SHA512

    b6f2c72fde52f6c0737db47082891e1d365ad5b8948353878101492910876210934a720d12af0ac62b42e542b904949cd41b315f912f2a6b89796aef9ab7b4b9

  • SSDEEP

    196608:Jua9H1n4YZUIee9VJsv6tWKFdu9CY+7f:xyGVJsv6tWKFdu9Cx

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://yqaq3a.cokawa.xyz:2096/Hh3AxTtODJwkcSVwQVbqMQwULHOwvJ_LE1eXMebFwbFFGqkECvfpWGak6Y7moJcZ7oQqvv0mx-5Dcwj7ZF5ywZthazdPRKN0ULA

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Downloads MZ/PE file
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sf-djcdn2096.exe
    "C:\Users\Admin\AppData\Local\Temp\sf-djcdn2096.exe"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4864

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4864-0-0x0000000003500000-0x0000000003501000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4864-2-0x0000000004F80000-0x0000000005380000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/4864-1-0x0000000005380000-0x00000000053B1000-memory.dmp

          Filesize

          196KB

          Download

        • memory/4864-6-0x0000000004F80000-0x0000000005380000-memory.dmp

          Filesize

          4.0MB

          Download