metasploit | a2ac0a665c84a1f08ef9af0cd2c11d907f17302c9362084abf66b16dc2841b0d

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
04-11-2023 17:36

Target

a2ac0a665c84a1f08ef9af0cd2c11d907f17302c9362084abf66b16dc2841b0d.exe
Size

14KB
MD5

0d9c8d7b5133509bd567ccb24d6acad2
SHA1

130a74d508a4aa916b984cdc2229cab8158010b3
SHA256

a2ac0a665c84a1f08ef9af0cd2c11d907f17302c9362084abf66b16dc2841b0d
SHA512

92ed52de71604949eeb4ab6e939b74c85af413d79a10c2fee9c26510dd3b84c28c3446484a616353aac83b75ce3c05ce4c7e7fb5f910336671a25688b8dbbc37
SSDEEP

192:f3mbPYCfMcrfOIuZmvKQxtzlSIVX6NOyn/ZejDMN1:uMCfrfQ6tBSIqxeUN1

Score

10^/10

Family

metasploit

Version

windows/download_exec

http://85.31.233.108:80/rQb7

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Program crash 1 IoCs

pid	pid_target	Process	procid_target
448	880	WerFault.exe	84

C:\Users\Admin\AppData\Local\Temp\a2ac0a665c84a1f08ef9af0cd2c11d907f17302c9362084abf66b16dc2841b0d.exe
"C:\Users\Admin\AppData\Local\Temp\a2ac0a665c84a1f08ef9af0cd2c11d907f17302c9362084abf66b16dc2841b0d.exe"
1⤵
PID:880
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 1184
  2⤵
  - Program crash
  PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 880 -ip 880
1⤵
PID:4104

memory/880-0-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/880-1-0x0000000003730000-0x0000000003B30000-memory.dmp

Filesize
4.0MB

Download
memory/880-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download