metasploit | 6b2361e3f2edbb461dce6e6fadd6f8621c99c276df7fe3bd09915892be66c8bd

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 00:03

Target

6b2361e3f2edbb461dce6e6fadd6f8621c99c276df7fe3bd09915892be66c8bd.exe
Size

50KB
MD5

64fb679752b44553d0bf78b2250c3d39
SHA1

6d0d4c48ad62e775dd5fd4553831b3ad4812ddb4
SHA256

6b2361e3f2edbb461dce6e6fadd6f8621c99c276df7fe3bd09915892be66c8bd
SHA512

772fd26d0f46169411d28e845cf1297be96569b99e9a2a93e58e47b4ccc0e6f0be967771d7dfd171e56e40eeb8c68557b8d3097fd7597fbffb678c16c36ce872
SSDEEP

1536:I6qJeYwpiJToCB79s7xC+ufT4JIWO4qRq3:NuWpAJfs7xSEJ2t6

Score

10^/10

Family

metasploit

Version

windows/reverse_tcp

10.0.4.4:2030

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/864-0-0x0000000000400000-0x0000000000419000-memory.dmp	upx
behavioral2/memory/864-2-0x0000000000400000-0x0000000000419000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\6b2361e3f2edbb461dce6e6fadd6f8621c99c276df7fe3bd09915892be66c8bd.exe
"C:\Users\Admin\AppData\Local\Temp\6b2361e3f2edbb461dce6e6fadd6f8621c99c276df7fe3bd09915892be66c8bd.exe"
1⤵
PID:864

memory/864-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/864-1-0x00000000004A0000-0x00000000004A4000-memory.dmp

Filesize
16KB

Download
memory/864-2-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download