metasploit | 67dcfc8af408e8bf57d3260d47ba6b9a374f2b56e3f03cfb2fac7ccac9ea6dde

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
17-11-2023 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67dcfc8af408e8bf57d3260d47ba6b9a374f2b56e3f03cfb2fac7ccac9ea6dde.exe
Size

5.3MB
MD5

c65e71d882a37d995b6494ba00060ce9
SHA1

600e74ec14dbf788e7101e56b40de12e2b39b59d
SHA256

67dcfc8af408e8bf57d3260d47ba6b9a374f2b56e3f03cfb2fac7ccac9ea6dde
SHA512

b16d3e75ac8ce3c0dce9aa184009d009f34763bc5c7396bae38598988818ce9ed5a6a260f458aacb6c5e0e8c219968ae72db15b8ad8a0e5da65256ab576504ad
SSDEEP

98304:xDIYIJbLpzoLLJ3TbwaVvrZE0Idx1F4fTLYwjqJFJGluFcguhaW4+r7VGqIoq5:x0L9onJ5hrZERn+ENFJzFcguwWtFbI

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

192.168.112.216:4444

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Loads dropped DLL 4 IoCs

pid	Process
3876	67dcfc8af408e8bf57d3260d47ba6b9a374f2b56e3f03cfb2fac7ccac9ea6dde.exe
3876	67dcfc8af408e8bf57d3260d47ba6b9a374f2b56e3f03cfb2fac7ccac9ea6dde.exe
3876	67dcfc8af408e8bf57d3260d47ba6b9a374f2b56e3f03cfb2fac7ccac9ea6dde.exe
3876	67dcfc8af408e8bf57d3260d47ba6b9a374f2b56e3f03cfb2fac7ccac9ea6dde.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 3876	1420	67dcfc8af408e8bf57d3260d47ba6b9a374f2b56e3f03cfb2fac7ccac9ea6dde.exe	86
PID 1420 wrote to memory of 3876	1420	67dcfc8af408e8bf57d3260d47ba6b9a374f2b56e3f03cfb2fac7ccac9ea6dde.exe	86

C:\Users\Admin\AppData\Local\Temp\67dcfc8af408e8bf57d3260d47ba6b9a374f2b56e3f03cfb2fac7ccac9ea6dde.exe
"C:\Users\Admin\AppData\Local\Temp\67dcfc8af408e8bf57d3260d47ba6b9a374f2b56e3f03cfb2fac7ccac9ea6dde.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Users\Admin\AppData\Local\Temp\67dcfc8af408e8bf57d3260d47ba6b9a374f2b56e3f03cfb2fac7ccac9ea6dde.exe
  "C:\Users\Admin\AppData\Local\Temp\67dcfc8af408e8bf57d3260d47ba6b9a374f2b56e3f03cfb2fac7ccac9ea6dde.exe"
  2⤵
  - Loads dropped DLL
  PID:3876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI14202\VCRUNTIME140.dll

Filesize
99KB

MD5
18571d6663b7d9ac95f2821c203e471f

SHA1
3c186018df04e875d6b9f83521028a21f145e3be

SHA256
0b040a314c19ff88f38fd9c89dca2d493113a6109adb8525733c3f6627da888f

SHA512
c8cbca1072b8cb04f9d82135c91ff6d7a539cb7a488671cecb6b5e2f11a4807f47ad9af5a87ebee44984ab71d7c44fc87850f9d04fd2c5019ec1b6a1b483ca21

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14202\VCRUNTIME140.dll

Filesize
99KB

MD5
18571d6663b7d9ac95f2821c203e471f

SHA1
3c186018df04e875d6b9f83521028a21f145e3be

SHA256
0b040a314c19ff88f38fd9c89dca2d493113a6109adb8525733c3f6627da888f

SHA512
c8cbca1072b8cb04f9d82135c91ff6d7a539cb7a488671cecb6b5e2f11a4807f47ad9af5a87ebee44984ab71d7c44fc87850f9d04fd2c5019ec1b6a1b483ca21

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14202\_ctypes.pyd

Filesize
123KB

MD5
8adb1345c717e575e6614e163eb62328

SHA1
f1ee3fff6e06dc4f22a5eb38c09c54580880e0a3

SHA256
65edc348db42347570578b979151b787ceebfc98e0372c28116cc229494a78a8

SHA512
0f11673854327fd2fcd12838f54c080edc4d40e4bcb50c413fe3f823056d189636dc661ea79207163f966719bf0815e1ffa75e2fb676df4e56ed6321f1ff6cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14202\_ctypes.pyd

Filesize
123KB

MD5
8adb1345c717e575e6614e163eb62328

SHA1
f1ee3fff6e06dc4f22a5eb38c09c54580880e0a3

SHA256
65edc348db42347570578b979151b787ceebfc98e0372c28116cc229494a78a8

SHA512
0f11673854327fd2fcd12838f54c080edc4d40e4bcb50c413fe3f823056d189636dc661ea79207163f966719bf0815e1ffa75e2fb676df4e56ed6321f1ff6cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14202\base_library.zip

Filesize
1005KB

MD5
b9492d4522c605e00c7ec663d653d786

SHA1
8b2e7a2d3d5c189359ca6221cdf905f6085b5ba2

SHA256
d5a16feaec8fd7ac3bd2b520181a8af1d42f2b45c6555cbe0991d3b98dcea2aa

SHA512
290d4cffda8247af1fe06c28fa054a9d30169386bff03878025664b3a4cdf251351451498cda13d97b4367dcc13166816490ce5e0c61e68d1db707ce0931197c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14202\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14202\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14202\python38.dll

Filesize
4.0MB

MD5
1f2688b97f9827f1de7dfedb4ad2348c

SHA1
a9650970d38e30835336426f704579e87fcfc892

SHA256
169eeb1bdf99ed93ca26453d5ca49339e5ae092662cd94cde09fbb10046f83fc

SHA512
27e56b2d73226e36b0c473d8eb646813997cbdf955397d0b61fcae37ed1f2c3715e589f9a07d909a967009ed2c664d14007ccf37d83a7df7ce2a0fefca615503

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14202\python38.dll

Filesize
4.0MB

MD5
1f2688b97f9827f1de7dfedb4ad2348c

SHA1
a9650970d38e30835336426f704579e87fcfc892

SHA256
169eeb1bdf99ed93ca26453d5ca49339e5ae092662cd94cde09fbb10046f83fc

SHA512
27e56b2d73226e36b0c473d8eb646813997cbdf955397d0b61fcae37ed1f2c3715e589f9a07d909a967009ed2c664d14007ccf37d83a7df7ce2a0fefca615503

Download Submit
memory/3876-23-0x000001540F4C0000-0x000001540F4C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads