Overview

overview

10

Static

static

3

f2c1392136...97.exe

windows7-x64

10

f2c1392136...97.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    107s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-03-2024 12:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f2c13921364a34be545c541435cb32f20a4e7c869a469fd6276277769ef8c997.exe

  • Size

    14KB

  • MD5

    3780e329d00111af176f2a10e79bfe80

  • SHA1

    0e9e6b9c8bdfdfd6c3a0e3e47ba8daffa0cd7c59

  • SHA256

    f2c13921364a34be545c541435cb32f20a4e7c869a469fd6276277769ef8c997

  • SHA512

    6f5655dc9aa57af8266e2289713b5463078e76899527b472a232f7abb45748ced97d457bbb0b56d79267c465ca0c92453d5547c6af7ebe6f352e049d4615510f

  • SSDEEP

    192:J3mbPYCfMcrfOIoILc0w8wOmLCVgq8ejDMN1:wMCfrf5L5w8NmOVgHeUN1

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.2.105:14444

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Program crash 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f2c13921364a34be545c541435cb32f20a4e7c869a469fd6276277769ef8c997.exe
    "C:\Users\Admin\AppData\Local\Temp\f2c13921364a34be545c541435cb32f20a4e7c869a469fd6276277769ef8c997.exe"
    1⤵
      PID:3156
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 224
        2⤵
        • Program crash
        PID:2972
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 152
        2⤵
        • Program crash
        PID:2752
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3156 -ip 3156
      1⤵
        PID:4772
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3156 -ip 3156
        1⤵
          PID:2040

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3156-0-0x00000000001E0000-0x00000000001E1000-memory.dmp
          Filesize

          4KB

          Download
        • memory/3156-1-0x0000000000400000-0x0000000000409000-memory.dmp
          Filesize

          36KB

          Download