metasploit | ceab7cefdbb9c62221c85cf138a2446c4460c3701e463487906eba23b6df6844

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

天神魔域.exe
Size

1.8MB
MD5

5e3b27ad011681c8f3a4338d82772e8a
SHA1

e6b4657011102a10dfbd1f54d4765f3422df40ca
SHA256

ceab7cefdbb9c62221c85cf138a2446c4460c3701e463487906eba23b6df6844
SHA512

ddcf1010e422babb2a13d1402d50209431f632ab8c349da2b8a708c6bb425c3bf2d655709c222b230f1044b94ce7be0c4bf9d79eab26946549ab8f0a1547d10a
SSDEEP

24576:/3vLRdVhZBK8NogWYO098OGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ18xJIiW0MbQxA

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

1.15.12.73:4567

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

天神魔域.exe

description pid process

Token: SeDebugPrivilege 2256 天神魔域.exe
Token: SeDebugPrivilege 2256 天神魔域.exe

description	pid	process
Token: SeDebugPrivilege	2256	天神魔域.exe
Token: SeDebugPrivilege	2256	天神魔域.exe

C:\Users\Admin\AppData\Local\Temp\天神魔域.exe
"C:\Users\Admin\AppData\Local\Temp\天神魔域.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2256-0-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2256-1-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2256-2-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2256-4-0x0000000000400000-0x00000000005E5000-memory.dmp

Filesize
1.9MB

Download