Overview

overview

10

Static

static

3

bb9e514a09...e2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-05-2024 04:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb9e514a09715b3c0f8afde18a74d88e618eb4eea8b4d3031882032e423954e2.exe

  • Size

    69KB

  • MD5

    3c92e36dbf5ff1a5a4754da11b932306

  • SHA1

    1385e804ab96adad64c8bb6f777db0b158611f61

  • SHA256

    bb9e514a09715b3c0f8afde18a74d88e618eb4eea8b4d3031882032e423954e2

  • SHA512

    bddefd556e0c8fc8bed4f284a89e4c2f65b6f194e20725c137407f20f73f4f6cac52906a94ab33068857692d7d8ebbf660c42bf6539b48c8012bc781b29211d3

  • SSDEEP

    768:ZIcdcQY/sQskPu+58oskuJmbYhEEuO5bQlUtNK/WuKhzCna5yPS:Z6K8SosBJVbQ+yk5yP

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://arress.windowshostnamehost.club:8585/kF2y

Attributes
  • headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb9e514a09715b3c0f8afde18a74d88e618eb4eea8b4d3031882032e423954e2.exe
    "C:\Users\Admin\AppData\Local\Temp\bb9e514a09715b3c0f8afde18a74d88e618eb4eea8b4d3031882032e423954e2.exe"
    1⤵
      PID:3508
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 1244
        2⤵
        • Program crash
        PID:4128
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3508 -ip 3508
      1⤵
        PID:4540

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3508-0-0x00000000014C0000-0x00000000014C1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3508-1-0x0000000003CD0000-0x00000000040D0000-memory.dmp
        Filesize

        4.0MB

        Download