metasploit | 96f3980ae19783e29dea274ddcf99b491e391b88b366f42d4defe9fea40f75ce

Analysis

max time kernel
133s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 00:48

Target

96f3980ae19783e29dea274ddcf99b491e391b88b366f42d4defe9fea40f75ce.exe
Size

72KB
MD5

31a2f4798b237827be3bbf143cdb8fb1
SHA1

5d13503b4089e99d004278dcba0a606b75001cd1
SHA256

96f3980ae19783e29dea274ddcf99b491e391b88b366f42d4defe9fea40f75ce
SHA512

c25ed1471236573197cc8eef70b30655b46591c426977a97db0987832b8cc49a8c85b06173ba77d29c5861b153fd522793dbc1c29eab95a6b76e0c10236b299d
SSDEEP

1536:ILTYdVOXo85KtNuEzzy45xD3uqBGMb+KR0Nc8QsJq39:u484i+Ge0Nc8QsC9

Score

10^/10

Family

metasploit

Version

windows/exec

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

96f3980ae19783e29dea274ddcf99b491e391b88b366f42d4defe9fea40f75ce.exe

description	pid	process	target process
PID 216 wrote to memory of 4908	216	96f3980ae19783e29dea274ddcf99b491e391b88b366f42d4defe9fea40f75ce.exe	cmd.exe
PID 216 wrote to memory of 4908	216	96f3980ae19783e29dea274ddcf99b491e391b88b366f42d4defe9fea40f75ce.exe	cmd.exe
PID 216 wrote to memory of 4908	216	96f3980ae19783e29dea274ddcf99b491e391b88b366f42d4defe9fea40f75ce.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\96f3980ae19783e29dea274ddcf99b491e391b88b366f42d4defe9fea40f75ce.exe
"C:\Users\Admin\AppData\Local\Temp\96f3980ae19783e29dea274ddcf99b491e391b88b366f42d4defe9fea40f75ce.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:216

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C echo 'OS{eed57d6ad7822fcb5ef8fcc936c278b1}'
2⤵
PID:4908

memory/216-0-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download