metasploit | 2acda9ab448ff1d4a96ab870db5c23bc9c5ab3b83d837dea327bc776c8406f61

Analysis

max time kernel
110s
max time network
115s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 04:11

Target

2acda9ab448ff1d4a96ab870db5c23bc9c5ab3b83d837dea327bc776c8406f61N.exe
Size

44KB
MD5

016523b54a7cdff98219da2bf456fc00
SHA1

e7b58ecce707d01bd3b09ec32a63d2087e9661a3
SHA256

2acda9ab448ff1d4a96ab870db5c23bc9c5ab3b83d837dea327bc776c8406f61
SHA512

b57f8ce7dd2229bf01eaf2a87928c7fd8da16d04f72e51e18e0acd75ff19d2930376fe633650eecc799415bcc528e4637edf6e5bae5dcf938b6a5d2f16beabca
SSDEEP

768:jTvPev9mNmKHYrWg8N4SoyQXP6kxqkI+YBs+K8YUK/sq5XwyRUOe1Fl:jTvi9emKHExS7QXyoXpr8Yfr5yFPl

Score

10^/10

Family

metasploit

Version

metasploit_stager

192.168.170.138:9001

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2260-0-0x000000013F770000-0x000000013F79B000-memory.dmp	upx
behavioral1/memory/2260-5-0x000000013F770000-0x000000013F79B000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\2acda9ab448ff1d4a96ab870db5c23bc9c5ab3b83d837dea327bc776c8406f61N.exe
"C:\Users\Admin\AppData\Local\Temp\2acda9ab448ff1d4a96ab870db5c23bc9c5ab3b83d837dea327bc776c8406f61N.exe"
1⤵
PID:2260

memory/2260-0-0x000000013F770000-0x000000013F79B000-memory.dmp

Filesize
172KB

Download
memory/2260-1-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2260-4-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2260-5-0x000000013F770000-0x000000013F79B000-memory.dmp

Filesize
172KB

Download