Overview

overview

10

Static

static

10

8cd0acf8f9...0N.dll

windows7-x64

10

8cd0acf8f9...0N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    105s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-09-2024 22:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8cd0acf8f998bb8737c2c1b0c78b8e76d04a379330837c311c3a3d710d04ef80N.dll

  • Size

    9KB

  • MD5

    146bb80776d8f19937b5023256c6e520

  • SHA1

    3c91d29a47330347004ce74d3b7dce9e9f9b491e

  • SHA256

    8cd0acf8f998bb8737c2c1b0c78b8e76d04a379330837c311c3a3d710d04ef80

  • SHA512

    4b2c06a9d9ee069b3db1e27c989ac9a8742c49e87bd5e2b87a4f65589c156c1f6d235adf6ada17343829bc9ee84bcb3a988ee2776b52d514072e073fce1f4527

  • SSDEEP

    48:q0r+l6O5aXyn/hNhx4/jC/VXq+tlqSD9C2VIb0E:dX0Zq+f95x

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.168.129:4444

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8cd0acf8f998bb8737c2c1b0c78b8e76d04a379330837c311c3a3d710d04ef80N.dll,#1
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Windows\system32\rundll32.exe
      rundll32.exe
      2⤵
        PID:2268

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2268-0-0x000001EA41FF0000-0x000001EA41FF1000-memory.dmp

      Filesize

      4KB

      Download