metasploit | 8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:42

Target

8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe
Size

72KB
MD5

8bb2b8a6a02e3a71e5d2826b9426bdb6
SHA1

d12cfbd53157cfe9e95ffd3a78a3b2eec3307223
SHA256

8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2
SHA512

d24a05ef9140be46986e6719facdd23ea541354acd88786409c16df2b11c5e9e68bd994fb7e315d13e17c6bebe64459cda81ece6c7e5529d72ec6fa030981eb2
SSDEEP

1536:ILTYdVOXos5KtNuEzzy45xD3uqBGMb+KR0Nc8QsJq39:u4s4i+Ge0Nc8QsC9

Score

10^/10

Family

metasploit

Version

windows/exec

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe

description	pid	process	target process
PID 2260 wrote to memory of 2824	2260	8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe	cmd.exe
PID 2260 wrote to memory of 2824	2260	8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe	cmd.exe
PID 2260 wrote to memory of 2824	2260	8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe	cmd.exe
PID 2260 wrote to memory of 2824	2260	8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe
"C:\Users\Admin\AppData\Local\Temp\8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2260

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C echo 'OS{dfa61e59e64f4914038a300b5b121d7e}'
2⤵
PID:2824

memory/2260-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download