metasploit | 5154ba942fd9ec67878edc2f492ca1864b2ed6767478c9740f41033a9af75109 | Triage

Analysis

max time kernel
105s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2024 06:38

Sharing

Report Analysis Logs

General

Target

f80309e358297b92e9a343803359f3c0N.exe
Size

7KB
MD5

f80309e358297b92e9a343803359f3c0
SHA1

676ddaa5835a278ff8a6c326b24572a2d5d93ca6
SHA256

5154ba942fd9ec67878edc2f492ca1864b2ed6767478c9740f41033a9af75109
SHA512

b45f58dc1b6443fd1f7d22f0de96c9024d665f0bf013909cd363a9524808a9cb0f6ed01b84854c30698a8e6fe3c64652723ca4dd4839db8bdc13011a0bf9305e
SSDEEP

48:is0aS4BQn4AcrlIRaNCGqslaASD9eS/B:0+Sn/IlI6qi05eS/

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.30.131:8888

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4056 wrote to memory of 1048	4056	f80309e358297b92e9a343803359f3c0N.exe	83
PID 4056 wrote to memory of 1048	4056	f80309e358297b92e9a343803359f3c0N.exe	83
PID 4056 wrote to memory of 1048	4056	f80309e358297b92e9a343803359f3c0N.exe	83

C:\Users\Admin\AppData\Local\Temp\f80309e358297b92e9a343803359f3c0N.exe
"C:\Users\Admin\AppData\Local\Temp\f80309e358297b92e9a343803359f3c0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4056
- C:\Windows\SYSTEM32\svchost.exe
  svchost.exe
  2⤵
  PID:1048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1048-1-0x0000020053E30000-0x0000020053E31000-memory.dmp

Filesize
4KB

Download
memory/4056-0-0x0000000140000000-0x00000001400043C8-memory.dmp

Filesize
16KB

Download