Overview

overview

10

Static

static

3

a4d3cafbeb...3e.exe

windows7-x64

10

a4d3cafbeb...3e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-05-2024 21:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a4d3cafbebcae8e36642224cc1df9845e1c7faf1858faea7037b2d969b57bf3e.exe

  • Size

    14KB

  • MD5

    c4d8050732c94ff27da133ff25c7b5ed

  • SHA1

    c7cae371be6de609e9cad803cd937d725e768100

  • SHA256

    a4d3cafbebcae8e36642224cc1df9845e1c7faf1858faea7037b2d969b57bf3e

  • SHA512

    7fbbab74c4e2aa76ca58382cdcdc0df43b1d59077109324651e1d5b5e156c6a3bd81a0a18ca7a612452bd3bb241cb8ce7430cb144a6e192bb58df760702a0b08

  • SSDEEP

    192:W3mbPYCfMcrfOIuZmvKQxtzlSIVX6NOsZpzyejDMN1:1MCfrfQ6tBSIuXueUN1

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://192.168.1.134:80/sHi8

Attributes
  • headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

Processes

  • C:\Users\Admin\AppData\Local\Temp\a4d3cafbebcae8e36642224cc1df9845e1c7faf1858faea7037b2d969b57bf3e.exe
    "C:\Users\Admin\AppData\Local\Temp\a4d3cafbebcae8e36642224cc1df9845e1c7faf1858faea7037b2d969b57bf3e.exe"
    1⤵
      PID:2280

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2280-0-0x00000000001D0000-0x00000000001D1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2280-1-0x0000000000400000-0x0000000000409000-memory.dmp
      Filesize

      36KB

      Download
    • memory/2280-3-0x0000000000400000-0x0000000000409000-memory.dmp
      Filesize

      36KB

      Download