metasploit | 241763427629b22a8603a27e35ab78c8895a06887fc1d32e3af7037a2da1b99d

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-09-2024 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd2e7a2770ca2f6fe586ae2ce2ec34de.exe
Size

124KB
MD5

dd2e7a2770ca2f6fe586ae2ce2ec34de
SHA1

3e17f114f64c0ae2d3fa2063592a2ae36d0a9bfd
SHA256

241763427629b22a8603a27e35ab78c8895a06887fc1d32e3af7037a2da1b99d
SHA512

0139d63e0208f8605e294dcb619f96e2cc0db2f59ff3d802b5f33cb2beca9804f46dad21809fe3be7d0a8c6995452f24f51bacb0567d068c6ef6b84060ad1840
SSDEEP

1536:I166BLt2fb8J3LkEnxnQi5RCM1kVlwDeMb+KR0Nc8QsJq31:s3BLtcbm3LkEnxdbCM1kuee0Nc8QsC1

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp_dns

windowshealth.store:8887

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2604	4484	WerFault.exe	81

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dd2e7a2770ca2f6fe586ae2ce2ec34de.exe

C:\Users\Admin\AppData\Local\Temp\dd2e7a2770ca2f6fe586ae2ce2ec34de.exe
"C:\Users\Admin\AppData\Local\Temp\dd2e7a2770ca2f6fe586ae2ce2ec34de.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4484
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 500
  2⤵
  - Program crash
  PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4484 -ip 4484
1⤵
PID:4000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4484-0-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download