metasploit | cad274c5c0130cf5a21aa44914bbee5fa1b8205c7b19843ea2ee1054e671c3cd

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cad274c5c0130cf5a21aa44914bbee5fa1b8205c7b19843ea2ee1054e671c3cd.exe
Size

5.7MB
MD5

a3c08ba1a63a6789186de34cd55ec710
SHA1

a5abffea8b4fa8a7fdd45cf405a1dce25b5bda98
SHA256

cad274c5c0130cf5a21aa44914bbee5fa1b8205c7b19843ea2ee1054e671c3cd
SHA512

e8b3d3daea255a731bd0dc9c447542a0a5cecddcf1bb02fdfdd7eb30afcbd9a75e01e9889bfd8b95a165ff6ed0a2b2dc2dbf5a5866085d92e0877e5e4a5e8f85
SSDEEP

98304:CXbBg9hU36OshoKyDvuIYc5AhVYEc4kZvRLoI0EJfNAIjvJJT1aOcKoS:CrBQ6qOshoKMuIkhVfstRL5Die1Zc

Score

10^/10

metasploit backdoor trojan upx

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

101.33.35.171:8080

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Loads dropped DLL 4 IoCs

pid	Process
4732	cad274c5c0130cf5a21aa44914bbee5fa1b8205c7b19843ea2ee1054e671c3cd.exe
4732	cad274c5c0130cf5a21aa44914bbee5fa1b8205c7b19843ea2ee1054e671c3cd.exe
4732	cad274c5c0130cf5a21aa44914bbee5fa1b8205c7b19843ea2ee1054e671c3cd.exe
4732	cad274c5c0130cf5a21aa44914bbee5fa1b8205c7b19843ea2ee1054e671c3cd.exe

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023487-13.dat	upx
behavioral2/memory/4732-17-0x00007FFCC9F30000-0x00007FFCCA519000-memory.dmp	upx
behavioral2/files/0x0007000000023486-22.dat	upx
behavioral2/memory/4732-32-0x00007FFCDC820000-0x00007FFCDC82F000-memory.dmp	upx
behavioral2/memory/4732-31-0x00007FFCDAF20000-0x00007FFCDAF43000-memory.dmp	upx
behavioral2/files/0x0007000000023483-30.dat	upx
behavioral2/files/0x0007000000023482-29.dat	upx
behavioral2/files/0x0007000000023481-28.dat	upx
behavioral2/files/0x0007000000023480-27.dat	upx
behavioral2/files/0x000700000002347e-26.dat	upx
behavioral2/files/0x0007000000023489-25.dat	upx
behavioral2/files/0x0007000000023488-24.dat	upx
behavioral2/files/0x0007000000023485-23.dat	upx
behavioral2/files/0x000700000002347f-20.dat	upx
behavioral2/memory/4732-35-0x00007FFCDAF20000-0x00007FFCDAF43000-memory.dmp	upx
behavioral2/memory/4732-34-0x00007FFCC9F30000-0x00007FFCCA519000-memory.dmp	upx

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4132 wrote to memory of 4732	4132	cad274c5c0130cf5a21aa44914bbee5fa1b8205c7b19843ea2ee1054e671c3cd.exe	86
PID 4132 wrote to memory of 4732	4132	cad274c5c0130cf5a21aa44914bbee5fa1b8205c7b19843ea2ee1054e671c3cd.exe	86

C:\Users\Admin\AppData\Local\Temp\cad274c5c0130cf5a21aa44914bbee5fa1b8205c7b19843ea2ee1054e671c3cd.exe
"C:\Users\Admin\AppData\Local\Temp\cad274c5c0130cf5a21aa44914bbee5fa1b8205c7b19843ea2ee1054e671c3cd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4132
- C:\Users\Admin\AppData\Local\Temp\cad274c5c0130cf5a21aa44914bbee5fa1b8205c7b19843ea2ee1054e671c3cd.exe
  "C:\Users\Admin\AppData\Local\Temp\cad274c5c0130cf5a21aa44914bbee5fa1b8205c7b19843ea2ee1054e671c3cd.exe"
  2⤵
  - Loads dropped DLL
  PID:4732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI41322\VCRUNTIME140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41322\_bz2.pyd

Filesize
48KB

MD5
074658809b7739daf9962894ce337a17

SHA1
63eadec06727c7064fb2c65ffa2ece8b54190ff6

SHA256
5a9ebf3c91c7330fd2cc49a05fcae7cd228e860bf0f16d230ec3f644941d826d

SHA512
781f4768ee9509f682e48cac57002d820bb8be475227fb507964f3ea38b533b1604bc7939ce2bfef7244d14f94898e9ea39e1ba46884561bd802a3f01d2d40b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41322\_ctypes.pyd

Filesize
58KB

MD5
696c720001b6087f5a95a0cbc4c2bcca

SHA1
0b964ef70c8bf24142ab35d4b9a72f54e7ec62d1

SHA256
2f77772b466d50d6ea4f644d7238769468578dfad2001256544d81491257fa3a

SHA512
76e922f7f78c718f10f59a5b7c78aa0cf429d62d088b5c912563f3448f319240050b7401302ea602f1ec1214d721f910dacc7b5fc94b725ad4a5dab3bd560ede

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41322\_decimal.pyd

Filesize
106KB

MD5
dca1d61090e4bf630c69295c3f73aeb4

SHA1
309094a642c80dcec5b550d90e888d3891e436cb

SHA256
ed1608a8bfb5758efe2bec77eebe82c42dbd26f9a1941a5bff853579cf94d7d8

SHA512
5baa0bac70b9c3ff81c371606ae8d1e2111ed50c3c9e8fcde8eb0fdfc3b6cb3d281317629b85d4f7d0fa762acece47f6b19b080637365b815f8f1ad41ba5c282

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41322\_hashlib.pyd

Filesize
35KB

MD5
deefb50bf92caa14407de92f63d97316

SHA1
0dccd6925d4171e88f395354486205abcc244333

SHA256
f7ede0240a02e20af7c852640cd835cf64229785ebef9d10f16ab42a17334fbd

SHA512
3221f88252358fd0eb7efd194a57f101817bfc69f01f0e5116d08d041a188d03b832d8802be2389bee1facc55cc7b26ce299211c70175c4caa7d2f83cd049774

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41322\_lzma.pyd

Filesize
85KB

MD5
308723d2713e45a9412827321930939e

SHA1
9d2ca209064e09fc68f5fe76e11f03eb99921fdf

SHA256
1cda1402b090d18537d50c36123ad84e856983fcc5e7892c0fdf1343bc3b0942

SHA512
7664fc39a562b7c038a087e5f13b16923a93c4df2a21702746a8686fd25e4c75357147cac334afbbd23a3b875f91322070c370c3cfed46b39e63beeb5a80231d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41322\_socket.pyd

Filesize
43KB

MD5
d93c08f62c60c9aaa9a5f729f097e29a

SHA1
e7c14670c0738b6620daf28010cece947048defe

SHA256
140670f377873d74d4ec32fd0cedc9c92baa725bdaa159a672e5d446a0cb3fd3

SHA512
843f427cd19b0700fff6f52a69a6a3bdde10e8ff3c12db837bae4d749e00a0d557a0ba348ccbab3201418fd55ba71730b52a036053a0c7ba7ca73251968d74d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41322\base_library.zip

Filesize
1.4MB

MD5
32ede00817b1d74ce945dcd1e8505ad0

SHA1
51b5390db339feeed89bffca925896aff49c63fb

SHA256
4a73d461851b484d213684f0aadf59d537cba6fe7e75497e609d54c9f2ba5d4a

SHA512
a0e070b2ee1347e85f37e9fd589bc8484f206fa9c8f4020de147b815d2041293551e3a14a09a6eb4050cfa1f74843525377e1a99bbdcfb867b61ebddb89f21f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41322\libcrypto-3.dll

Filesize
1.6MB

MD5
59a466b472e27156bfd20a3fef7ef0d9

SHA1
b8a082bc0e2a2e83f35b507865abc4ff4b59d636

SHA256
7bbf883c8b6c7240277444366bc50a239b250ef2c228d148a3bfb6318f23c1f4

SHA512
e977211288c2d43031661150fa44d037f9e690faa63cabfd207a967050baa73cf86e14e8d6b29f1efcef2177e034ebb829948ebdf21652851213ec10b5142771

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41322\libffi-8.dll

Filesize
29KB

MD5
0aac034efb1509907c8d580b51ad3c4a

SHA1
d5d69211c79ec30a932d0945e776b8fc4c42e383

SHA256
a174a301f6de532aa75bcae9bb038efa29debcc02e70b283bf87ae54d55a729b

SHA512
417c8c1c5e3d2fdf9af4e7585e4eb47a8ff22cdfda91124885406f04137ead8099b1fd70df293eaa5ea251568aad753fc4cdbe5b83420ae9d11af176901ff6be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41322\python311.dll

Filesize
1.6MB

MD5
0530156b6dabd7c2148bcc721eb4449f

SHA1
9ccafc5a17d3a25951ee14806241e8e38236d767

SHA256
739c60648ee4a3ac7ea7f37ec730e67898b149fc5b9f4cdef5ab0b69c5664170

SHA512
d919f92bd7a2c385fd77e58678aaaad5261d8ccad1fd84b42412acd275959efa7926ff85ef44f98a59199fbbf1bcdc6a1efef1516decf102c263c7311a3faf01

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41322\select.pyd

Filesize
25KB

MD5
8792eef650ba2cbb32f809457643c62f

SHA1
eda4f2aa9b457ac807597e774baf15b31f1e8a5d

SHA256
f248e68487ea30bea29b62a8bb5d6f06ddaf14dca6afafe33ef48f6ea62adaf0

SHA512
8b5d122eaacf4f7e5baecf6045fc76e6976abfef8c0437bb2c8dc344159423bfd665970a822257c646216b3771d916d2cacf9f9cca580e060fd77fb247f2fa4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41322\unicodedata.pyd

Filesize
295KB

MD5
b6d15bfb270bee9dd2916b42dc3947ff

SHA1
ef3383ab8764bf8caa5bae0fd6d06fb3d55f23ec

SHA256
1a65fa67ba1a9ef5d29ba3db6ffe2e785590b684d1afa6f5b32e74d1ae6dfcad

SHA512
7cf5a2ea1cbb90eee84fc4764dab4fa72bb240e4fb40cb0f99f0e5aff9ef912796fab264163c1f95a15b8a57aae8aca91838454136c8f8b98bce503e3453addf

Download Submit
memory/4732-31-0x00007FFCDAF20000-0x00007FFCDAF43000-memory.dmp

Filesize
140KB

Download
memory/4732-32-0x00007FFCDC820000-0x00007FFCDC82F000-memory.dmp

Filesize
60KB

Download
memory/4732-33-0x000001BAB60D0000-0x000001BAB60D1000-memory.dmp

Filesize
4KB

Download
memory/4732-17-0x00007FFCC9F30000-0x00007FFCCA519000-memory.dmp

Filesize
5.9MB

Download
memory/4732-35-0x00007FFCDAF20000-0x00007FFCDAF43000-memory.dmp

Filesize
140KB

Download
memory/4732-34-0x00007FFCC9F30000-0x00007FFCCA519000-memory.dmp

Filesize
5.9MB

Download