metasploit | 2986702ae852119b722794375eca6a6937470ce96f9363fbca8eb7f19700c19e

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-03-2024 18:53

Target

2986702ae852119b722794375eca6a6937470ce96f9363fbca8eb7f19700c19e.exe
Size

217KB
MD5

80581beaf2ac3a69c21a50e6f15c3b19
SHA1

58eb556be39086cdb84428bf69466079d7a31cae
SHA256

2986702ae852119b722794375eca6a6937470ce96f9363fbca8eb7f19700c19e
SHA512

fb38756af311d50b3af1cbf02269ed01b7843622f9e872443155b5bb68017bdbc56166f4c89557b5d5023e70112e25ecdeada3ce3503c31f30cdc1d637b0799b
SSDEEP

3072:IUxKmyBNRN4kEVaXjtkprCiJOHohACfOX1uAj4z+iguOdcYIwkIzhuPeEnDj1PIi:lKbBNRXG4UCiJOWO4lBOdcYI5KcnDj6

Score

10^/10

Family

metasploit

Version

encoder/shikata_ga_nai

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.1.42:443

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

UPX dump on OEP (original entry point) 2 IoCs

resource	yara_rule
behavioral1/memory/2156-0-0x0000000000400000-0x0000000000453000-memory.dmp	UPX
behavioral1/memory/2156-2-0x0000000000400000-0x0000000000453000-memory.dmp	UPX

C:\Users\Admin\AppData\Local\Temp\2986702ae852119b722794375eca6a6937470ce96f9363fbca8eb7f19700c19e.exe
"C:\Users\Admin\AppData\Local\Temp\2986702ae852119b722794375eca6a6937470ce96f9363fbca8eb7f19700c19e.exe"
1⤵
PID:2156

memory/2156-0-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2156-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2156-2-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download