Analysis

  • max time kernel
    77s
  • max time network
    142s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    11-09-2024 21:17

General

  • Target

    afccc65c8eea945df3889573ce48f81125c26f2255febf2f23f0e4b3461ebd04.exe

  • Size

    72KB

  • MD5

    9a164869b00114eacc59ea03fc5b228b

  • SHA1

    9a0e57adc75669d5799014a2f1c06894d78b0c11

  • SHA256

    afccc65c8eea945df3889573ce48f81125c26f2255febf2f23f0e4b3461ebd04

  • SHA512

    43b60d4048a9b5f47914497437de1f3ff51a2181b99f3c165a45e5401ef98bdac685ea014ceac6b32a1b8928860e024dc60c54406f63b4defc4245cf6001c866

  • SSDEEP

    1536:IWPtHZFB3EmDlWztm3DKBE3ZQURqTYBmjVwqyIKoMb+KR0Nc8QsJq39:DPtnB0mDMg3mcyJ/aqyIKoe0Nc8QsC9

Malware Config

Extracted

  • Family
    metasploit
  • Version
    windows/reverse_http
  • C2
    http://89.197.154.116:7810/7rQMjQ0pW73r6-rqjQpIagkqYuaEID1XoXdzSQsp51dtJPW2NqoLBKwmCamtnn2bCPy-1GO-vIfv7uZ7yOibcCwIslaePVhf6Vz17pzDQJ4n9cbPdG1RHgd0ZPcMj8FuOQmxZIyAZ7fElG72tvkNVZI9bWPOIwcjWo2dBDAqCZLvbDuGq6gQ-mF183p_2D146fkBKIQ2Sk00_1wI-RBbALluJFdCcDfZ1Nc-kFl6uKxEsa7KzQ1Yw

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim machine in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\afccc65c8eea945df3889573ce48f81125c26f2255febf2f23f0e4b3461ebd04.exe
    "C:\Users\Admin\AppData\Local\Temp\afccc65c8eea945df3889573ce48f81125c26f2255febf2f23f0e4b3461ebd04.exe"
    • System Location Discovery: System Language Discovery
    PID:3776

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3776-0-0x0000000000510000-0x0000000000511000-memory.dmp

    Filesize

    4KB