Extracted

• • Target

    Winrar-Crracked.exe

  • Size

    3.9MB

  • MD5

    dd76d6ce1e675bf632ec21d0520189eb

  • SHA1

    bc9a0f7e0061860146abecdd977df6bf52ec1cab

  • SHA256

    123ef10c1c03e2e3c31929cb49c9d70b6dac7d5fbd29de7c25846afe007b2969

  • SHA512

    a4636f6bf0eedae51a2f590a34e24c9feb73e7aa5a58636d473653e50abb3cae169d8b2a14bfa7c890ff8587b94d8de5ba68df81b6257d2f85993ebdde009bcf

  • SSDEEP

    98304:sNRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAMBF:2R/gmeOqv7Ac9F0k

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1