metasploit | c03b180ffea96b8e5ddc305caa8da04dfc733c065e7cfe79c9d00227f89e81c4

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22-04-2024 02:19

Target

c03b180ffea96b8e5ddc305caa8da04dfc733c065e7cfe79c9d00227f89e81c4.exe
Size

1.6MB
MD5

035793d48d7e7d76fbc41135266b183e
SHA1

7b85b4e8d640476a77f4eefd1e3361bf3883998f
SHA256

c03b180ffea96b8e5ddc305caa8da04dfc733c065e7cfe79c9d00227f89e81c4
SHA512

9aeca47b82eebd49abedaf232e3c5c1f1df7854ef12b1899941118c04559479043720ddf3cc0cdcfd2e06554387fc0aa173c99c2aafc786e63a261d1757d2942
SSDEEP

24576:FuYrVFJhs2qGTgIoGa66zj6FQvY5fA+6by5Z:HjXslC96AL5fAx2

Score

10^/10

Family

metasploit

Version

metasploit_stager

192.168.4.126:3333

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

c03b180ffea96b8e5ddc305caa8da04dfc733c065e7cfe79c9d00227f89e81c4.exe

description	pid	process	target process
PID 2520 wrote to memory of 3348	2520	c03b180ffea96b8e5ddc305caa8da04dfc733c065e7cfe79c9d00227f89e81c4.exe	cmd.exe
PID 2520 wrote to memory of 3348	2520	c03b180ffea96b8e5ddc305caa8da04dfc733c065e7cfe79c9d00227f89e81c4.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\c03b180ffea96b8e5ddc305caa8da04dfc733c065e7cfe79c9d00227f89e81c4.exe
"C:\Users\Admin\AppData\Local\Temp\c03b180ffea96b8e5ddc305caa8da04dfc733c065e7cfe79c9d00227f89e81c4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2520

memory/2520-0-0x00000216CF930000-0x00000216CF931000-memory.dmp

Filesize
4KB

Download