Overview

overview

10

Static

static

10

07ca48a9d7...3a.exe

windows7-x64

10

07ca48a9d7...3a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-06-2024 12:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07ca48a9d7ceb7adb279e6df61eed9a369e50718adf4560f08368a1d17cf5c3a.exe

  • Size

    5.4MB

  • MD5

    70f4a63fcbcc57812ba5cfcb4175df79

  • SHA1

    87a8502693a47f504cde4a3f3cd796d8472eee13

  • SHA256

    07ca48a9d7ceb7adb279e6df61eed9a369e50718adf4560f08368a1d17cf5c3a

  • SHA512

    20f29cd3066339630c5c10ec946d3f3d956acbf9623edba1b4a7d6941feb29e804f39ddeff7be97587c61816c848e87c407c2e9bd35b9c0c3c9f1845ac226a53

  • SSDEEP

    98304:vCF+OIyoWoZh1i0hUNfHBiCV2HW/E9C0hUNfHBiCV2HvNX/:8+OIynoojNIKEEjNYB

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Loads dropped DLL 1 IoCs
  • Program crash 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07ca48a9d7ceb7adb279e6df61eed9a369e50718adf4560f08368a1d17cf5c3a.exe
    "C:\Users\Admin\AppData\Local\Temp\07ca48a9d7ceb7adb279e6df61eed9a369e50718adf4560f08368a1d17cf5c3a.exe"
    1⤵
    • Loads dropped DLL
    PID:2576
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 552
      2⤵
      • Program crash
      PID:5036
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 1064
      2⤵
      • Program crash
      PID:2372
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2576 -ip 2576
    1⤵
      PID:3908
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2576 -ip 2576
      1⤵
        PID:1948

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
        Filesize

        67KB

        MD5

        7d5d3e2fcfa5ff53f5ae075ed4327b18

        SHA1

        3905104d8f7ba88b3b34f4997f3948b3183953f6

        SHA256

        e1fb95609f2757ce74cb531a5cf59674e411ea0a262b758371d7236c191910c4

        SHA512

        e67683331bb32ea4b2c38405be7f516db6935f883a1e4ae02a1700f5f36462c31b593e07c6fe06d8c0cb1c20c9f40a507c9eae245667c89f989e32765a89f589

        Download Submit
      • memory/2576-0-0x0000000000400000-0x0000000000981094-memory.dmp
        Filesize

        5.5MB

        Download
      • memory/2576-13-0x0000000004440000-0x0000000004450000-memory.dmp
        Filesize

        64KB

        Download
      • memory/2576-14-0x0000000000400000-0x0000000000981094-memory.dmp
        Filesize

        5.5MB

        Download