Overview

overview

10

Static

static

10

c65316ba44...5f.exe

windows7-x64

10

c65316ba44...5f.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16-05-2024 17:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c65316ba444468cda548e215fc0989fa1716a57819eef7b311c581e81890cd5f.exe

  • Size

    4.5MB

  • MD5

    047715e90ac9c626d3f80b47c4dce481

  • SHA1

    51b57299d3bb0c24d5d181ebaa10d5a0a653a3f0

  • SHA256

    c65316ba444468cda548e215fc0989fa1716a57819eef7b311c581e81890cd5f

  • SHA512

    48f41839f02c4648b531d48441eaaf89cc070a2163fd71eb32e2d3fdb23e6caa7021540d516b0b6789099414ee180fcffbc063cdb58764728b736cc7cddb76c1

  • SSDEEP

    98304:WXr3ay/mq1BjDtkQ079UKTzY32d6xayyNzped9HziQTQwFYT:W7ay+q1HKUKcZxayyGd9HFkvT

Score
10/10
metasploitbackdoortrojanupx

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.149.133:9080

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\c65316ba444468cda548e215fc0989fa1716a57819eef7b311c581e81890cd5f.exe
    "C:\Users\Admin\AppData\Local\Temp\c65316ba444468cda548e215fc0989fa1716a57819eef7b311c581e81890cd5f.exe"
    1⤵
      PID:2320

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2320-0-0x0000000000400000-0x0000000000491000-memory.dmp
      Filesize

      580KB

      Download
    • memory/2320-1-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2320-2-0x0000000000400000-0x0000000000491000-memory.dmp
      Filesize

      580KB

      Download