metasploit | 65d073da0d265b9b8e4f4284e7850af051908289158877168214cf25e3bc8461 | Triage

Submit
Reports

Overview

overview

Static

static

8

65d073da0d...61.doc

windows7-x64

65d073da0d...61.doc

windows10-2004-x64

6

Sharing

General

Target

65d073da0d265b9b8e4f4284e7850af051908289158877168214cf25e3bc8461
Size

43KB
Sample

240530-bw3dmaae79
MD5

ce9d441c46ef4168488bb38148974c33
SHA1

d5b1a13e8be4b770fabcf4278d5adf69b1562a0d
SHA256

65d073da0d265b9b8e4f4284e7850af051908289158877168214cf25e3bc8461
SHA512

c737b91150d5608bba2abd7c8bb829ec870d4aba249e61b2b213cd51b682558c3de2bd5864f49549dc0b2397264616ae43ff8d638252222d4b45dfb35d4d728b
SSDEEP

384:Cg8iSwvxjk+txZEF+pek/iEVd8sfR3rGscsd71I5KA0j4/ItSzY:CGxw+t4F+pekq6d/fhrGsceIZ3/nY

Score

10^/10

metasploit backdoor macro macro_on_action trojan

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

65d073da0d265b9b8e4f4284e7850af051908289158877168214cf25e3bc8461.doc

Resource

win7-20231129-en

metasploit backdoor trojan

windows7-x64

9 signatures

60 seconds

Behavioral task

behavioral2

Sample

65d073da0d265b9b8e4f4284e7850af051908289158877168214cf25e3bc8461.doc

Resource

win10v2004-20240508-en

windows10-2004-x64

7 signatures

60 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://10.10.10.10:80/oEXP

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)

Targets

- Target
  
  65d073da0d265b9b8e4f4284e7850af051908289158877168214cf25e3bc8461
- Size
  
  43KB
- MD5
  
  ce9d441c46ef4168488bb38148974c33
- SHA1
  
  d5b1a13e8be4b770fabcf4278d5adf69b1562a0d
- SHA256
  
  65d073da0d265b9b8e4f4284e7850af051908289158877168214cf25e3bc8461
- SHA512
  
  c737b91150d5608bba2abd7c8bb829ec870d4aba249e61b2b213cd51b682558c3de2bd5864f49549dc0b2397264616ae43ff8d638252222d4b45dfb35d4d728b
- SSDEEP
  
  384:Cg8iSwvxjk+txZEF+pek/iEVd8sfR3rGscsd71I5KA0j4/ItSzY:CGxw+t4F+pekq6d/fhrGsceIZ3/nY
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macromacro_on_action

behavioral1

metasploitbackdoortrojan

behavioral2

© 2018-2024

Terms | Privacy