metasploit | 8b10277a3fd1f11724315334296f96465a3af112036de820c93415a5f905ae44

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
13/11/2023, 12:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

msf86.exe
Size

72KB
MD5

25aaf0b185ae1a07414b90bb547ee3d5
SHA1

c95aa760b4983fc9b20227f7aecf573b5288c4e0
SHA256

8b10277a3fd1f11724315334296f96465a3af112036de820c93415a5f905ae44
SHA512

3c3b01326d5820a5cf3ebb7888f27bf3c7e64fd30169198f4dad2585612adf2dab54027cb1b09bdb908a84b8c4cffc66db27af2802443188c310f6c278ff852a
SSDEEP

1536:IPPEdUvWwwbUi9OwZ37XnrZbt4SnQIQYQMb+KR0Nc8QsJq39:GP4MWjoDwJXv4WGNe0Nc8QsC9

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

216.238.78.86:4444

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4688	svchost.exe

C:\Users\Admin\AppData\Local\Temp\msf86.exe
"C:\Users\Admin\AppData\Local\Temp\msf86.exe"
1⤵
PID:3088

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1988

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3088-0-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download
memory/4688-1-0x0000023AAAE50000-0x0000023AAAE60000-memory.dmp

Filesize
64KB

Download
memory/4688-17-0x0000023AAAF50000-0x0000023AAAF60000-memory.dmp

Filesize
64KB

Download
memory/4688-33-0x0000023AB3540000-0x0000023AB3541000-memory.dmp

Filesize
4KB

Download
memory/4688-34-0x0000023AB3560000-0x0000023AB3561000-memory.dmp

Filesize
4KB

Download
memory/4688-35-0x0000023AB3560000-0x0000023AB3561000-memory.dmp

Filesize
4KB

Download
memory/4688-36-0x0000023AB3560000-0x0000023AB3561000-memory.dmp

Filesize
4KB

Download
memory/4688-37-0x0000023AB3560000-0x0000023AB3561000-memory.dmp

Filesize
4KB

Download
memory/4688-38-0x0000023AB3560000-0x0000023AB3561000-memory.dmp

Filesize
4KB

Download
memory/4688-39-0x0000023AB3560000-0x0000023AB3561000-memory.dmp

Filesize
4KB

Download
memory/4688-40-0x0000023AB3560000-0x0000023AB3561000-memory.dmp

Filesize
4KB

Download
memory/4688-41-0x0000023AB3560000-0x0000023AB3561000-memory.dmp

Filesize
4KB

Download
memory/4688-42-0x0000023AB3560000-0x0000023AB3561000-memory.dmp

Filesize
4KB

Download
memory/4688-43-0x0000023AB3560000-0x0000023AB3561000-memory.dmp

Filesize
4KB

Download
memory/4688-44-0x0000023AB3190000-0x0000023AB3191000-memory.dmp

Filesize
4KB

Download
memory/4688-45-0x0000023AB3180000-0x0000023AB3181000-memory.dmp

Filesize
4KB

Download
memory/4688-47-0x0000023AB3190000-0x0000023AB3191000-memory.dmp

Filesize
4KB

Download
memory/4688-50-0x0000023AB3180000-0x0000023AB3181000-memory.dmp

Filesize
4KB

Download
memory/4688-53-0x0000023AB30C0000-0x0000023AB30C1000-memory.dmp

Filesize
4KB

Download
memory/4688-65-0x0000023AB32C0000-0x0000023AB32C1000-memory.dmp

Filesize
4KB

Download
memory/4688-67-0x0000023AB32D0000-0x0000023AB32D1000-memory.dmp

Filesize
4KB

Download
memory/4688-68-0x0000023AB32D0000-0x0000023AB32D1000-memory.dmp

Filesize
4KB

Download
memory/4688-69-0x0000023AB33E0000-0x0000023AB33E1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads