metasploit | 354278300c60dcd2260e5b19c0d6dc2d87b1c00dab5e7400732253582c5765c3 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 18:07

Sharing

Report Analysis Logs

General

Target

33436ef9a271752566b1b605aa3fe8c7.exe
Size

76KB
MD5

33436ef9a271752566b1b605aa3fe8c7
SHA1

b27e311b6af5a35c719772d9dc886b988928801b
SHA256

354278300c60dcd2260e5b19c0d6dc2d87b1c00dab5e7400732253582c5765c3
SHA512

63795dc727d5fa3930aafc8c8ffa7d0f9e1be85b36e131a4e45c95f44a6701d9549c221841d2d140682498bc7c454e750133189d18aef802243e248dc6e418ba
SSDEEP

768:TsPU7ImB7mjjwLWjACf275yrulwa6DOlfuX3J:YPU7fMj0LWjAWIgolGnJ

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2776	2492	33436ef9a271752566b1b605aa3fe8c7.exe	29
PID 2492 wrote to memory of 2776	2492	33436ef9a271752566b1b605aa3fe8c7.exe	29
PID 2492 wrote to memory of 2776	2492	33436ef9a271752566b1b605aa3fe8c7.exe	29
PID 2492 wrote to memory of 2776	2492	33436ef9a271752566b1b605aa3fe8c7.exe	29

C:\Users\Admin\AppData\Local\Temp\33436ef9a271752566b1b605aa3fe8c7.exe
"C:\Users\Admin\AppData\Local\Temp\33436ef9a271752566b1b605aa3fe8c7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\SysWOW64\calc.exe
  calc.exe
  2⤵
  PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2492-1-0x0000000000200000-0x0000000000300000-memory.dmp

Filesize
1024KB

Download