metasploit | e8f005ce4e9078494fdaf00be420f372183f97d4e1dc9c19aa55508931fae955

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 23:00

Target

44a696178c152c9cfe82c7a76161c7b9.exe
Size

72KB
MD5

44a696178c152c9cfe82c7a76161c7b9
SHA1

749261f49ccd3f6d340a0f67fdb41f361682983c
SHA256

e8f005ce4e9078494fdaf00be420f372183f97d4e1dc9c19aa55508931fae955
SHA512

74b6391fbe01fa1587f9e1b76fad3dd5b0b4250165619d7c4d2f2a3b352942d415ed86c0b03732f15544e757b361174a818e159c1065ef47b1be17a4764728e8
SSDEEP

1536:Io1jOE4T5qOHZ063LsbzISUyt/7A9pMb+KR0Nc8QsJq39:zj6gOHZLVSUre0Nc8QsC9

Score

10^/10

Family

metasploit

Version

encoder/call4_dword_xor

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 2160	404	44a696178c152c9cfe82c7a76161c7b9.exe	100
PID 404 wrote to memory of 2160	404	44a696178c152c9cfe82c7a76161c7b9.exe	100
PID 404 wrote to memory of 2160	404	44a696178c152c9cfe82c7a76161c7b9.exe	100

C:\Users\Admin\AppData\Local\Temp\44a696178c152c9cfe82c7a76161c7b9.exe
"C:\Users\Admin\AppData\Local\Temp\44a696178c152c9cfe82c7a76161c7b9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:404
- C:\Windows\SysWOW64\cmd.exe
  cmd
  2⤵
  PID:2160

memory/404-0-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download