metasploit | 3669db0928f84f3370a27135efd64bdb8fc5f255713c787b008bc35a6bc53fed

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 08:46 UTC

Target

c5739c24d8cefd23c921e9edfb6ddc47.exe
Size

10KB
MD5

c5739c24d8cefd23c921e9edfb6ddc47
SHA1

057182357d2443e1bba28b3dd2c2fd27eeae89b5
SHA256

3669db0928f84f3370a27135efd64bdb8fc5f255713c787b008bc35a6bc53fed
SHA512

8d38019b4beb15e6ee88f12c290cb5ed06b924140bbe09185cae394766ef84651426c5d0a9594ae5f21366fd153a69f19e60308b193ba3e4eaefeca1964924d6
SSDEEP

192:3vgU3MtZjVp24ff6j1QDjOcQH3J0LxdN7E5pz6rJoZZPDB:B8Zfij16jvQXsxdN7mzPD

Score

10^/10

Family

metasploit

Version

windows/single_exec

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2496	2324	c5739c24d8cefd23c921e9edfb6ddc47.exe	29
PID 2324 wrote to memory of 2496	2324	c5739c24d8cefd23c921e9edfb6ddc47.exe	29
PID 2324 wrote to memory of 2496	2324	c5739c24d8cefd23c921e9edfb6ddc47.exe	29
PID 2324 wrote to memory of 2496	2324	c5739c24d8cefd23c921e9edfb6ddc47.exe	29

C:\Users\Admin\AppData\Local\Temp\c5739c24d8cefd23c921e9edfb6ddc47.exe
"C:\Users\Admin\AppData\Local\Temp\c5739c24d8cefd23c921e9edfb6ddc47.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\SysWOW64\calc.exe
  calc.exe
  2⤵
  PID:2496

memory/2324-1-0x0000000000700000-0x0000000000800000-memory.dmp

Filesize
1024KB

Download