metasploit | 8b75914d8d250ca26cf46391c205523ad3785237ea70058715b33dd7ec801f71

Analysis

max time kernel
105s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2024 06:54

Target

6881359aa581b0d623e257493b445ba0N.exe
Size

12KB
MD5

6881359aa581b0d623e257493b445ba0
SHA1

63fd73372e28f1977cfdcc050de4ae43d9df3ca2
SHA256

8b75914d8d250ca26cf46391c205523ad3785237ea70058715b33dd7ec801f71
SHA512

31194617e94eb6cec7db9664b5c69bd9541bffda34a4369ccb884ae2d60d5c7b6ef0f61a80dbcecc74aa5959229b4684800563926509c1cf4a17397cf5c9eec8
SSDEEP

192:0+YAIX8S/Q3+JVD1AD1mgrXqWz6exMzZLdqXLdqXh:3uX8S/bJVKD1mgvnMzZpqI

Score

10^/10

Family

metasploit

Version

metasploit_stager

192.168.30.131:8888

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 2968	2864	6881359aa581b0d623e257493b445ba0N.exe	85
PID 2864 wrote to memory of 2968	2864	6881359aa581b0d623e257493b445ba0N.exe	85
PID 2864 wrote to memory of 2968	2864	6881359aa581b0d623e257493b445ba0N.exe	85

C:\Users\Admin\AppData\Local\Temp\6881359aa581b0d623e257493b445ba0N.exe
"C:\Users\Admin\AppData\Local\Temp\6881359aa581b0d623e257493b445ba0N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Windows\SYSTEM32\svchost.exe
  svchost.exe
  2⤵
  PID:2968

memory/2864-0-0x0000000140000000-0x00000001400043C8-memory.dmp

Filesize
16KB

Download
memory/2864-2-0x0000000140000000-0x00000001400043C8-memory.dmp

Filesize
16KB

Download
memory/2968-1-0x000002C5376C0000-0x000002C5376C1000-memory.dmp

Filesize
4KB

Download