Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    28-04-2024 01:16

General

  • Target

    e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exe

  • Size

    11.4MB

  • MD5

    f25585c1b52299fb5286680b7303e3fa

  • SHA1

    a45fa68de02fe4d2fca32d7b867bd10babe98b28

  • SHA256

    e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96

  • SHA512

    cdbcfe7693651d288750c89d45982eecd617694181ed9358d43ca3854aa5dd0e50843517f73e3898d1228fab5957afb833e846dbd354af529fcc47dd06cffe1a

  • SSDEEP

    196608:Jua9H1n4YZUIeeUVJsv6tWKFdu9CY+7f:xyPVJsv6tWKFdu9Cx

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/download_exec

  • C2

    http://134.175.182.163:8443/rpc

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exe
    "C:\Users\Admin\AppData\Local\Temp\e13bc123c08904058254d8faf925263e99f08e2c4e4cecc5d2ba65d6d217bb96.exe"
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4804

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4804-0-0x00000000037A0000-0x00000000037A1000-memory.dmp

    Filesize

    4KB