metasploit | b8589503320a67959d07b0742e4023bafb203435cd89afc76b4b56a1f8f6d2f5 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 12:43

Sharing

Report Analysis Logs

General

Target

bbd668fff3810c88a70f686b2ee7da99.exe
Size

76KB
MD5

bbd668fff3810c88a70f686b2ee7da99
SHA1

61e37acd8a82b56999304eadee10b6cbefcb483f
SHA256

b8589503320a67959d07b0742e4023bafb203435cd89afc76b4b56a1f8f6d2f5
SHA512

16bfe81d5bf775d694ac887c65ea556f2ec56d429e0556a0565e391ca3f20ceeb6efba21955e09bdea38cff8419dd846fb719cc648333b7b2e53ab9d1ebf5fab
SSDEEP

768:4NC7Rhm+7N7CjjwLWjACf275yrulwa6DOlfuX3J:4NC798j0LWjAWIgolGnJ

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 1936	1964	bbd668fff3810c88a70f686b2ee7da99.exe	29
PID 1964 wrote to memory of 1936	1964	bbd668fff3810c88a70f686b2ee7da99.exe	29
PID 1964 wrote to memory of 1936	1964	bbd668fff3810c88a70f686b2ee7da99.exe	29
PID 1964 wrote to memory of 1936	1964	bbd668fff3810c88a70f686b2ee7da99.exe	29

C:\Users\Admin\AppData\Local\Temp\bbd668fff3810c88a70f686b2ee7da99.exe
"C:\Users\Admin\AppData\Local\Temp\bbd668fff3810c88a70f686b2ee7da99.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\calc.exe
  calc.exe
  2⤵
  PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1964-1-0x0000000000450000-0x0000000000550000-memory.dmp

Filesize
1024KB

Download