metasploit | 8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2

Analysis

max time kernel
139s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:42

Target

8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe
Size

72KB
MD5

8bb2b8a6a02e3a71e5d2826b9426bdb6
SHA1

d12cfbd53157cfe9e95ffd3a78a3b2eec3307223
SHA256

8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2
SHA512

d24a05ef9140be46986e6719facdd23ea541354acd88786409c16df2b11c5e9e68bd994fb7e315d13e17c6bebe64459cda81ece6c7e5529d72ec6fa030981eb2
SSDEEP

1536:ILTYdVOXos5KtNuEzzy45xD3uqBGMb+KR0Nc8QsJq39:u4s4i+Ge0Nc8QsC9

Score

10^/10

Family

metasploit

Version

windows/exec

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe

description	pid	process	target process
PID 2688 wrote to memory of 2752	2688	8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe	cmd.exe
PID 2688 wrote to memory of 2752	2688	8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe	cmd.exe
PID 2688 wrote to memory of 2752	2688	8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe
"C:\Users\Admin\AppData\Local\Temp\8a5fdef9b0ecf6ce17c505541f7097a77f15b6f1959cdf92c0bec96072af5fa2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /C echo 'OS{dfa61e59e64f4914038a300b5b121d7e}'
  2⤵
  PID:2752

memory/2688-0-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download