metasploit | 3fda807368add7960da5a0cb3c173c313a50aac90d515e9743f5012ffff5208c

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 17:21

Target

3fda807368add7960da5a0cb3c173c313a50aac90d515e9743f5012ffff5208c.exe
Size

10.8MB
MD5

5cd48bfd2b6ba9c68fa4d885023c9f7a
SHA1

3a437c835c4f06d6722360d3a5069f373d84d3d3
SHA256

3fda807368add7960da5a0cb3c173c313a50aac90d515e9743f5012ffff5208c
SHA512

dd5ddf70602cf4c41c0d1a11f2c4ce6821e30d763ad3e5c2e22a3a2d65e301910ef545bef727c77a4a0aa4b448794cec8b320ec597bed85dfb4057f0c8971419
SSDEEP

196608:o0GqPohTvoC0PKqdMd1lLITt/oQQYkGgRIIVolSiOHRYxJslXwZ3T8AxNqKEW3:o0GqPcTATbd0HI5/KYGIyociOCzqXwTX

Score

10^/10

Family

metasploit

Version

encoder/shikata_ga_nai

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.174.131:1234

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/4008-0-0x0000000000400000-0x000000000075E000-memory.dmp	upx
behavioral2/memory/4008-2-0x0000000000400000-0x000000000075E000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\3fda807368add7960da5a0cb3c173c313a50aac90d515e9743f5012ffff5208c.exe
"C:\Users\Admin\AppData\Local\Temp\3fda807368add7960da5a0cb3c173c313a50aac90d515e9743f5012ffff5208c.exe"
1⤵
PID:4008

memory/4008-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/4008-0-0x0000000000400000-0x000000000075E000-memory.dmp

Filesize
3.4MB

Download
memory/4008-2-0x0000000000400000-0x000000000075E000-memory.dmp

Filesize
3.4MB

Download