metasploit | af81446395e463606eeed2bc9eb4ddcc86f98ea4b41cce7430878679d161b54c

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 16:15

Target

af81446395e463606eeed2bc9eb4ddcc86f98ea4b41cce7430878679d161b54c.exe
Size

4.5MB
MD5

575ad81ed5cf30393bd02d5da1bc70fa
SHA1

626817ec4565f5804447d80747ebb043e57f0155
SHA256

af81446395e463606eeed2bc9eb4ddcc86f98ea4b41cce7430878679d161b54c
SHA512

6c1eee2f84a77c2d397462095d302f0cfb4b0e921087f4fa74c426308ddd95cb345a5c81160cbcb6e5d49cf0ceb128ff340d4f4250dc492990176dfd644b95ff
SSDEEP

98304:2Xr3ay/mq1BjDtkQ079UKTzY32d6xayyNzped9HziQTQwFYT:27ay+q1HKUKcZxayyGd9HFkvT

Score

10^/10

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.231.135:728

Family

metasploit

Version

encoder/shikata_ga_nai

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/2032-0-0x0000000000400000-0x0000000000491000-memory.dmp	upx
behavioral1/memory/2032-2-0x0000000000400000-0x0000000000491000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\af81446395e463606eeed2bc9eb4ddcc86f98ea4b41cce7430878679d161b54c.exe
"C:\Users\Admin\AppData\Local\Temp\af81446395e463606eeed2bc9eb4ddcc86f98ea4b41cce7430878679d161b54c.exe"
1⤵
PID:2032

memory/2032-0-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2032-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2032-2-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download