metasploit | 65d3606b6aabe150d65b3991c4271ecff16b4cf882ffc75a4b3580a9bd160daa

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-04-2024 06:14

Target

65d3606b6aabe150d65b3991c4271ecff16b4cf882ffc75a4b3580a9bd160daa.exe
Size

888KB
MD5

f8a66f4eaf0251d95c30e8b57fd35ee0
SHA1

611241b4fa34c2dd63b68e4198496ceed7a19057
SHA256

65d3606b6aabe150d65b3991c4271ecff16b4cf882ffc75a4b3580a9bd160daa
SHA512

7e06c0db70dbe58bc07ed54fad6b62b5fc9db37228ee46fcbe5cfaf2404e043c33fc745da12041bff494010912e4f5a62af343ef899b7a16135b0c2c5006faef
SSDEEP

12288:HW9vo+eIiE84UoSqjRzRLPFDlXnrIpOfrXU6cDqjTIaJ/o69gghSX2bNEdzYQkOK:svoNILCoSqfRwZznr8TqZbzNWsClug

Score

10^/10

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.2.22:4444

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Suspicious behavior: LoadsDriver 16 IoCs

Processes:

pid process

468
468
468
468
468
468
468
468
468
468
468
468
468
468
468
468

C:\Users\Admin\AppData\Local\Temp\65d3606b6aabe150d65b3991c4271ecff16b4cf882ffc75a4b3580a9bd160daa.exe
"C:\Users\Admin\AppData\Local\Temp\65d3606b6aabe150d65b3991c4271ecff16b4cf882ffc75a4b3580a9bd160daa.exe"
1⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\CoreTemp.ini

Filesize
1KB

MD5
94b56e0809f8b30af3aaae2a68f498b3

SHA1
a37a100fe91c0d9731f325994778d7c7c033451c

SHA256
23f972f8ab3952b2f891a41bd2d151d97016ca7bc9c78df30b1ab376211c66ec

SHA512
99f7142431b98bb09eb57db3437c0fa0ee75817de9c24eb294ce53ff1cd526d96ddf8c3d12d8ed524d9676cc90098c7565004468d205e9cd0d06aaa52c748ca0

Download Submit
memory/2856-0-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2856-20-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download