Overview

overview

10

Static

static

7

860792c5fa...dd.dll

windows7-x64

7

860792c5fa...dd.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-05-2024 23:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    860792c5fa0883c6a814569c5854dfcfc75d809c9e8ecf3a3f8739e8c60325dd.dll

  • Size

    743KB

  • MD5

    8e762a019dff11129354600d1a6c11e6

  • SHA1

    51fb8d04a6add417685db5280345c4ef429ebfd4

  • SHA256

    860792c5fa0883c6a814569c5854dfcfc75d809c9e8ecf3a3f8739e8c60325dd

  • SHA512

    8db9fc3bdf0590c0320afc44efe3ec494954ecd8993c51c971b05b1ae999ede2ac8b23af7346321e1ecbca9136fcda8d151073adea967de218fbcb1ba8531560

  • SSDEEP

    12288:HIBPdteSSFv+RoBHTrMm92AxIc/FeKwzWzP039A8JuRo4hU8NGjjg9MdvKwndgg5:Hmlte7v+69HMmIATeK0UkifUCyj9Pf

Score
10/10
metasploitbackdoortrojanupx

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.1.128:1234

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\860792c5fa0883c6a814569c5854dfcfc75d809c9e8ecf3a3f8739e8c60325dd.dll
    1⤵
      PID:1116

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1116-0-0x00007FF844BD0000-0x00007FF844E89000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1116-1-0x00007FF8613B0000-0x00007FF86146E000-memory.dmp

      Filesize

      760KB

      Download

    • memory/1116-3-0x00007FF861300000-0x00007FF8613AC000-memory.dmp

      Filesize

      688KB

      Download

    • memory/1116-5-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1116-4-0x00007FF8626F0000-0x00007FF8628E5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1116-2-0x00007FF860310000-0x00007FF8605D9000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/1116-7-0x00007FF844BD0000-0x00007FF844E89000-memory.dmp

      Filesize

      2.7MB

      Download