metasploit | 2ba8877ca1e98625dcb4f6f6f99aa2225b0b77a9b3d507edffb39bb5ea75bb77

Analysis

max time kernel
147s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 13:40

Target

2ba8877ca1e98625dcb4f6f6f99aa2225b0b77a9b3d507edffb39bb5ea75bb77.exe
Size

546KB
MD5

6909f906af0bcae804363346e964a1d5
SHA1

ddad7cb8bd5b7727884772d53a40dead686b4413
SHA256

2ba8877ca1e98625dcb4f6f6f99aa2225b0b77a9b3d507edffb39bb5ea75bb77
SHA512

59e4e4800e3e738f9edb984ee7c70d7c861aabfb166c68621fca782c1acb665df37283748281f5abebd6bf7c95c3b2b2b454923a7f6a10b1aaf79edd3a7965c4
SSDEEP

3072:HkyR33czQJPY3DgFXAcdOrVICIyL773T0bmIJxmbirBCsrAUd1qZQxS:Hk2czQ5Y3Dqwcd2YIPDIJxU2RPqZH

Score

10^/10

Family

metasploit

Version

encoder/shikata_ga_nai

Family

metasploit

Version

windows/reverse_tcp

192.168.1.150:8888

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1908-0-0x0000000000400000-0x0000000000500000-memory.dmp	upx
behavioral1/memory/1908-2-0x0000000000400000-0x0000000000500000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\2ba8877ca1e98625dcb4f6f6f99aa2225b0b77a9b3d507edffb39bb5ea75bb77.exe
"C:\Users\Admin\AppData\Local\Temp\2ba8877ca1e98625dcb4f6f6f99aa2225b0b77a9b3d507edffb39bb5ea75bb77.exe"
1⤵
PID:1908

memory/1908-0-0x0000000000400000-0x0000000000500000-memory.dmp

Filesize
1024KB

Download
memory/1908-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1908-2-0x0000000000400000-0x0000000000500000-memory.dmp

Filesize
1024KB

Download