metasploit | eac3fefdb181dd483997ff45d48ddd49ce9273ed5431888a38a1c28b0606f96f | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 15:17

Sharing

Report Analysis Logs

General

Target

03654b7cbe8cb6c63e13605e16a0e944.exe
Size

1.1MB
MD5

03654b7cbe8cb6c63e13605e16a0e944
SHA1

a4dfc7b5b38a0fdebeb8208049b8efbbe87fe773
SHA256

eac3fefdb181dd483997ff45d48ddd49ce9273ed5431888a38a1c28b0606f96f
SHA512

e5e325dd0151e528e11b2e9e6d2c1876bb5e06d7e9688d96b09005f0d6c1e04bfe69d4716aff330d831b54834dcb7eec0f3b1461a4c3fa2d50aacd5630e2d063
SSDEEP

24576:F13gJnNiQQSA7Ph8NKvNUWqPU5EDvLJPjraFLR5ROWP:FWjrHKvNUTPjrkp7

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.1.1:4444

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1576	03654b7cbe8cb6c63e13605e16a0e944.exe

C:\Users\Admin\AppData\Local\Temp\03654b7cbe8cb6c63e13605e16a0e944.exe
"C:\Users\Admin\AppData\Local\Temp\03654b7cbe8cb6c63e13605e16a0e944.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1576-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1576-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download