metasploit | f5cd5d418020719721253fa22b9e53db8999314d7e46ecfac8c653800a9c1508 | Triage

Submit
Reports

Overview

overview

Static

static

crmsannicor.exe

windows7-x64

crmsannicor.exe

windows10-2004-x64

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 09:42

Sharing

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

crmsannicor.exe

Resource

win7-20240215-en

metasploit backdoor trojan

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

crmsannicor.exe

Resource

win10v2004-20240412-en

metasploit backdoor trojan

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

crmsannicor.exe
Size

72KB
MD5

3b281ff9ca4716412a209a910800cfaf
SHA1

2e61a1f5b186179fbdd64e7e729e6d4dc7a88186
SHA256

f5cd5d418020719721253fa22b9e53db8999314d7e46ecfac8c653800a9c1508
SHA512

eb699757c21557e65a641bfdafe51dfee46b8bfe1e14836a5e42cc1a2e122b5c61335ca6a982b2ca28a900d9369da794e1a962ebcdd2bd56e6d64ad0d462cdc2
SSDEEP

1536:ICi3MwChivwkDuZ3rszH+0ZMb+KR0Nc8QsJq39:TiLp46De0Nc8QsC9

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

44.210.111.57:4443

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\crmsannicor.exe
"C:\Users\Admin\AppData\Local\Temp\crmsannicor.exe"
1⤵
PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2516-0-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download

© 2018-2024

Terms | Privacy