Overview

overview

10

Static

static

7

288d9855e9...af.exe

windows7-x64

10

288d9855e9...af.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 04:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    288d9855e9de0cfcee73d02fef6668af.exe

  • Size

    62KB

  • MD5

    288d9855e9de0cfcee73d02fef6668af

  • SHA1

    4f9ee64a5cc262d70609e374bdcef803a28208ac

  • SHA256

    edea0666049c8171aa39ffce3298aa835e3f95e945addcaa40c4c9340dd61cb7

  • SHA512

    0eb220991f9e2f36df5c28ccf0446eddb98cde6e9168c37cba4aabb2df1f909299524153d79ccd7997fb92a12f4a85a13d988fab0221b41f809914192296fd12

  • SSDEEP

    1536:WgWb2Gqbk9PlkkUuclk70Ea2meX+zhdQzjM:WRn9PlnUQ4LiIhoM

Score
10/10
metasploitbackdoortrojanupx

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\288d9855e9de0cfcee73d02fef6668af.exe
    "C:\Users\Admin\AppData\Local\Temp\288d9855e9de0cfcee73d02fef6668af.exe"
    1⤵
      PID:1044
      • C:\Windows\WindowsUpdate.exe
        "C:\Windows\WindowsUpdate.exe"
        2⤵
          PID:2380

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\WindowsUpdate.exe
        Filesize

        60KB

        MD5

        28acddf984e3a9a19742cd9e9c9f11ca

        SHA1

        12e07fd6a5744fb39cee8058796e7ea209c8a288

        SHA256

        8d360b2525dd9d133f719a296e7ac9aa951c325df3ee5b2f4df88def428161a8

        SHA512

        34b748eb6d1765b7ed336a3b84f771c28e0a59db3ad7b7e86f6219fd4bb40491b179ab41e64dc1277db8a85ebdeeb652c7a9b4240d4edbae732de3f650394004

        Download Submit

      • C:\Windows\WindowsUpdate.exe
        Filesize

        48KB

        MD5

        90b67c22d658cb4520457eafd75eddbc

        SHA1

        3e56f14ff58bed9babfcfbbb500bf585036e3923

        SHA256

        4dcc29408eb3c3096363703876312ee6665951ad9025fb93609f33fe9d884391

        SHA512

        f89c138487bf7d0ef38f69890fc057c695196a2afb87ee9208fb7295df0c1b207eba96e8a6aced13c0273484a778e7fcadb64235ab96976eb58f5fad52595287

        Download Submit

      • memory/1044-1-0x0000000000220000-0x0000000000223000-memory.dmp

        Filesize

        12KB

        Download

      • memory/1044-2-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/1044-0-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/1044-12-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/1044-8-0x0000000002B20000-0x0000000002B82000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-16-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-20-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-11-0x00000000008D0000-0x0000000000932000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-14-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-15-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-10-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-17-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-18-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-19-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-13-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-21-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-22-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-23-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-24-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-25-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-26-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2380-27-0x0000000000400000-0x0000000000462000-memory.dmp

        Filesize

        392KB

        Download