Overview

overview

10

Static

static

10

Trojan.Win...er.exe

windows7-x64

10

Trojan.Win...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    105s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-09-2024 21:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Trojan.Win32.Meterpreter.exe

  • Size

    72KB

  • MD5

    7bc7bf5151048fdc727968caae355140

  • SHA1

    6d7dfa9af2a105bb69e4b8a4735d4d9d2eba017e

  • SHA256

    56f63c808180b1e11c46a98e42fe6aaee6fde0b1514906f6450b86b7f6f3404e

  • SHA512

    6648ca840c783508c9a4f699c15e31dd3430168ae23066f3d3cecb85d68ca146f75aacc083d196cafc005decc2c16716f529fa1537d5fa09d387b5c6a6928c5f

  • SSDEEP

    1536:IdFQuq61b4NNKdjc0iFTSDh49Pl2Mb+KR0Nc8QsJq39:JKb4NNUpU6SPce0Nc8QsC9

Score
10/10
metasploitbackdoordiscoverytrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.45.161:443

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\Trojan.Win32.Meterpreter.exe
    "C:\Users\Admin\AppData\Local\Temp\Trojan.Win32.Meterpreter.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3656-0-0x0000000000870000-0x0000000000871000-memory.dmp

    Filesize

    4KB

    Download