metasploit | aed21c1ef0324c688ee224932c7da4528f7217cf1d96259467d86b53b4d1fb93

Analysis

max time kernel
130s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
06-05-2024 02:05

Target

aed21c1ef0324c688ee224932c7da4528f7217cf1d96259467d86b53b4d1fb93.exe
Size

72KB
MD5

40f3fe1507427528a1f860b3fc14d90e
SHA1

0310d62536410c32708df090bf9be288b015af20
SHA256

aed21c1ef0324c688ee224932c7da4528f7217cf1d96259467d86b53b4d1fb93
SHA512

f52041b3caed4f92ea37264f89333f135be88919976fdfc2cf2c66c4420620d1cef948aa2ab6d75fe413b9f723604de113f40b2a59d9f7dac51fe263590156c5
SSDEEP

1536:ILTYdVOXo+5KtNuEzzy45xD3uqBGMb+KR0Nc8QsJq39:u4+4i+Ge0Nc8QsC9

Score

10^/10

Family

metasploit

Version

windows/exec

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

aed21c1ef0324c688ee224932c7da4528f7217cf1d96259467d86b53b4d1fb93.exe

description	pid	process	target process
PID 388 wrote to memory of 1700	388	aed21c1ef0324c688ee224932c7da4528f7217cf1d96259467d86b53b4d1fb93.exe	cmd.exe
PID 388 wrote to memory of 1700	388	aed21c1ef0324c688ee224932c7da4528f7217cf1d96259467d86b53b4d1fb93.exe	cmd.exe
PID 388 wrote to memory of 1700	388	aed21c1ef0324c688ee224932c7da4528f7217cf1d96259467d86b53b4d1fb93.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\aed21c1ef0324c688ee224932c7da4528f7217cf1d96259467d86b53b4d1fb93.exe
"C:\Users\Admin\AppData\Local\Temp\aed21c1ef0324c688ee224932c7da4528f7217cf1d96259467d86b53b4d1fb93.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:388

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C echo 'OS{c687246925722176c227158a17036e4f}'
2⤵
PID:1700

memory/388-0-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download