metasploit | a1b36b37454873c6afe0f5822e343a029b9724ee07ec6ae4243d5a688e9a84c7

Analysis

max time kernel
132s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 06:39

Target

be101f8181d00ee2196fbc988d85d7d3.exe
Size

47KB
MD5

be101f8181d00ee2196fbc988d85d7d3
SHA1

33ad1f1d1b139b6f2ffe3fe0c7a94f61e4ec7088
SHA256

a1b36b37454873c6afe0f5822e343a029b9724ee07ec6ae4243d5a688e9a84c7
SHA512

167b1e1e2064a3368a7c0d0fcb5883170651325bae540413fdd8b9fcca234b3c6cc598867e640c8272e68fc966dd39378259f8818bff4024ed1edbb25e7bc880
SSDEEP

768:IFL4OV4w9yKeW8AopyKYZ3qFYsXR/nbBgQroqWIHplBa2pcbJdWbvE0O0vfq3:IO0rbaL8rstNcqWocNdAK0Hq3

Score

10^/10

Family

metasploit

Version

windows/reverse_http

http://89.197.154.116:7810/O6Z_Oh2DCu_X-db4sYLFEg1hYXRf_R2oUsq-2FBCe7OY5fyzWx30F0mf2_tTjbnFbloJRApsw

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3412-0-0x0000000000400000-0x0000000000419000-memory.dmp	upx
behavioral2/memory/3412-2-0x0000000000400000-0x0000000000419000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\be101f8181d00ee2196fbc988d85d7d3.exe
"C:\Users\Admin\AppData\Local\Temp\be101f8181d00ee2196fbc988d85d7d3.exe"
1⤵
PID:3412

memory/3412-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3412-1-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/3412-2-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download