metasploit | 5a64640fe3eda42cac91b2bd088028370234702df7e7ec06e2ce7d39e2d31e94

Analysis

max time kernel
149s
max time network
155s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 00:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a64640fe3eda42cac91b2bd088028370234702df7e7ec06e2ce7d39e2d31e94.exe
Size

4.9MB
MD5

06b40827f8d66d3aa27b3adc351daf09
SHA1

8cc1983f9527592f13d5f0476fd0861d7ca9a259
SHA256

5a64640fe3eda42cac91b2bd088028370234702df7e7ec06e2ce7d39e2d31e94
SHA512

5879461b4ff3270dd17ef11c460b991b1194cd75cb64ebd29fb3ec8f33fa2d2e245df43b521867b8a0cccc1c17c50e36595227aff481650f0760cf4f60bdedcf
SSDEEP

98304:WYlpSgpzoLLJ3TbwaVvrZE0I8EQxPP312CDvSkkC9ZL+5OaNf/uAD:WCJ9onJ5hrZERmH34lCjqUYfGA

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

192.168.220.176:4444

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Loads dropped DLL 3 IoCs

pid	Process
2244	5a64640fe3eda42cac91b2bd088028370234702df7e7ec06e2ce7d39e2d31e94.exe
2244	5a64640fe3eda42cac91b2bd088028370234702df7e7ec06e2ce7d39e2d31e94.exe
2244	5a64640fe3eda42cac91b2bd088028370234702df7e7ec06e2ce7d39e2d31e94.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	2244	5a64640fe3eda42cac91b2bd088028370234702df7e7ec06e2ce7d39e2d31e94.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2244	2008	5a64640fe3eda42cac91b2bd088028370234702df7e7ec06e2ce7d39e2d31e94.exe	28
PID 2008 wrote to memory of 2244	2008	5a64640fe3eda42cac91b2bd088028370234702df7e7ec06e2ce7d39e2d31e94.exe	28
PID 2008 wrote to memory of 2244	2008	5a64640fe3eda42cac91b2bd088028370234702df7e7ec06e2ce7d39e2d31e94.exe	28

C:\Users\Admin\AppData\Local\Temp\5a64640fe3eda42cac91b2bd088028370234702df7e7ec06e2ce7d39e2d31e94.exe
"C:\Users\Admin\AppData\Local\Temp\5a64640fe3eda42cac91b2bd088028370234702df7e7ec06e2ce7d39e2d31e94.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\5a64640fe3eda42cac91b2bd088028370234702df7e7ec06e2ce7d39e2d31e94.exe
  "C:\Users\Admin\AppData\Local\Temp\5a64640fe3eda42cac91b2bd088028370234702df7e7ec06e2ce7d39e2d31e94.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI20082\VCRUNTIME140.dll

Filesize
83KB

MD5
0c583614eb8ffb4c8c2d9e9880220f1d

SHA1
0b7fca03a971a0d3b0776698b51f62bca5043e4d

SHA256
6cadb4fef773c23b511acc8b715a084815c6e41dd8c694bc70090a97b3b03fb9

SHA512
79bbf50e38e358e492f24fe0923824d02f4b831336dae9572540af1ae7df162457d08de13e720f180309d537667bc1b108bdd782af84356562cca44d3e9e3b64

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20082\base_library.zip

Filesize
1000KB

MD5
90c0898cd529e19ba0c800d0e1f42a2a

SHA1
35882c9e2519be24ad4625031c942722946e791e

SHA256
980eab75d2e03b71fa4327da3a3126ad6980ff60a5cf9ad2b96ce06ad15ae3bd

SHA512
3527929f185b4a044d925c8cca0fc028d470c48756623762722bce483f9b9541d073bee69529c5b4c7b0b9e3b81307fa3afd0a7a4d9df60f93c66b85af6cce46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20082\python37.dll

Filesize
3.6MB

MD5
8329eebb1640cb67e07a3f219842c205

SHA1
0c68d21cac1e31d6dee9a6fd4b3bc2baeb838ceb

SHA256
a796e6e0f4f20cf4d896eda148ea1ce3a00d702840659601de0e3ecad02817aa

SHA512
1069382411d5aa53902ad814f3eb3422f0cd59266782e61c984023ab4d188215a652ff52e2032b3e857741148a021989f0203f14d67032c027de60da2c3f98ba

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI20082\_ctypes.pyd

Filesize
131KB

MD5
9fb83acced0558d0a02c8bb217a2d859

SHA1
1c581ad4e1f6f668a76a0ff5e21b4fde410db718

SHA256
55cf879e64712e37cd553ae0d68896861433a0ae4474273da6ad5b8b5deb6342

SHA512
267a3d1e41823131c2bfc14f54b42baedee1d3b9a4073ebcec26df8705436f1b9a12783f7ef21df7daeb62f994fefe4fd8f69c63aa1cffdb067e66cc3510f811

Download Submit
memory/2244-20-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads