metasploit | ec67cfad97d6228f07aa94281e3e0ac07e4422800f931caccf06c9ea9aecb5da

Analysis

max time kernel
110s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-09-2024 18:15

Target

59606be0825c78bfd6fe8ebaddc176c0N.exe
Size

138KB
MD5

59606be0825c78bfd6fe8ebaddc176c0
SHA1

9cbfb72b6cbf3b6e9efe193a3f1d66ead5c50bac
SHA256

ec67cfad97d6228f07aa94281e3e0ac07e4422800f931caccf06c9ea9aecb5da
SHA512

04ed8975cdb924fd242ad7d40dec70bc64f4ff4a3f5b3e7333766231aceede0722ad823f27f1775062037a8795ded1d0b661cc167a5ca540d12232f623b1834f
SSDEEP

1536:pkitkaCaP1/VgXg1H569DskvWhJFjMTz68d32YrgtpGars3u6NaPV8PpS9oxOVvS:pkiuA1/nKd5lO0u5V3oH

Score

10^/10

Family

metasploit

Version

windows/shell_bind_tcp

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2368	2868	59606be0825c78bfd6fe8ebaddc176c0N.exe	29
PID 2868 wrote to memory of 2368	2868	59606be0825c78bfd6fe8ebaddc176c0N.exe	29
PID 2868 wrote to memory of 2368	2868	59606be0825c78bfd6fe8ebaddc176c0N.exe	29

C:\Users\Admin\AppData\Local\Temp\59606be0825c78bfd6fe8ebaddc176c0N.exe
"C:\Users\Admin\AppData\Local\Temp\59606be0825c78bfd6fe8ebaddc176c0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2868 -s 40
  2⤵
  PID:2368

memory/2868-0-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/2868-1-0x000000013F520000-0x000000013F546000-memory.dmp

Filesize
152KB

Download