metasploit | 1edcbfad6072ed9afad5e1df099678694d67202e4579817ba34b0b0bed93195e

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 19:38

Target

1edcbfad6072ed9afad5e1df099678694d67202e4579817ba34b0b0bed93195e.exe
Size

72KB
MD5

7e22ed13ef5219083e4e8bb508387c92
SHA1

3c728f136d6664547e6847b775e7efa563309f4f
SHA256

1edcbfad6072ed9afad5e1df099678694d67202e4579817ba34b0b0bed93195e
SHA512

40fbfc1fe1f83d01c09bf2383d084a084aa06cbf4cf951b09c53e2bac4477f87a8a50d99d2f7c6b8f244bd21db77784980743eb3acfcd8b47631fdd6c389313d
SSDEEP

1536:ILTYdVOXo/5KtNuEzzy45xD3uqBGMb+KR0Nc8QsJq39:u4/4i+Ge0Nc8QsC9

Score

10^/10

Family

metasploit

Version

windows/exec

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

1edcbfad6072ed9afad5e1df099678694d67202e4579817ba34b0b0bed93195e.exe

description	pid	process	target process
PID 2172 wrote to memory of 2936	2172	1edcbfad6072ed9afad5e1df099678694d67202e4579817ba34b0b0bed93195e.exe	cmd.exe
PID 2172 wrote to memory of 2936	2172	1edcbfad6072ed9afad5e1df099678694d67202e4579817ba34b0b0bed93195e.exe	cmd.exe
PID 2172 wrote to memory of 2936	2172	1edcbfad6072ed9afad5e1df099678694d67202e4579817ba34b0b0bed93195e.exe	cmd.exe
PID 2172 wrote to memory of 2936	2172	1edcbfad6072ed9afad5e1df099678694d67202e4579817ba34b0b0bed93195e.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\1edcbfad6072ed9afad5e1df099678694d67202e4579817ba34b0b0bed93195e.exe
"C:\Users\Admin\AppData\Local\Temp\1edcbfad6072ed9afad5e1df099678694d67202e4579817ba34b0b0bed93195e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2172

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C echo 'OS{1f1864d4636178c5e2e471b791f9a139}'
2⤵
PID:2936

memory/2172-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download