metasploit | ece3a4848490caeb2ab62773ee9d3d28bab72560a452f59de17dea3b369e9d09

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 04:05

Target

ece3a4848490caeb2ab62773ee9d3d28bab72560a452f59de17dea3b369e9d09.dll
Size

9KB
MD5

f0676ddbfb7ead380a41dcd4ba11fcbd
SHA1

a9aa8437cf5178a1b52e388065fa55fd9f6bf692
SHA256

ece3a4848490caeb2ab62773ee9d3d28bab72560a452f59de17dea3b369e9d09
SHA512

0249e4f19ca8b9be573e2bc38b359efb948488a8c472309765085ff2c06529f16bdd14a8c14926565f190d67ce05fa536216acb1194cc36ee73e0fff8ac81fc7
SSDEEP

48:q0r+l6O5aXyn/hNhx4/jC/VZqIlK7SD9C2V+b0E:dX0Lq255x

Score

10^/10

Family

metasploit

Version

metasploit_stager

192.168.184.151:4444

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2308 set thread context of 2328	2308	rundll32.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2328	2308	rundll32.exe	30
PID 2308 wrote to memory of 2328	2308	rundll32.exe	30
PID 2308 wrote to memory of 2328	2308	rundll32.exe	30
PID 2308 wrote to memory of 2328	2308	rundll32.exe	30

memory/2328-0-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/2328-2-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download