Overview

overview

10

Static

static

10

2646e519ee...4e.dll

windows7-x64

10

2646e519ee...4e.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-09-2024 04:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2646e519ee58312ca55f02f6cbfa1088591477427b02aad97edc35211906354e.dll

  • Size

    9KB

  • MD5

    42c9fdab8f39bb15f27e1c6b56c313ea

  • SHA1

    6b9890d457f70fc1dd75997b34156a5fd3a42996

  • SHA256

    2646e519ee58312ca55f02f6cbfa1088591477427b02aad97edc35211906354e

  • SHA512

    0bf0cecd5d370c4f82f4374a1bfe68f0be75fa04da5a819bb6700f09da93aa4ed2952acbf0a18712e870024f481cae61409d673189d9eb59673544ac75e42a47

  • SSDEEP

    48:q0r+l6O5aXyn/hNhx4/jC/VGt+LrSD9C210Ehb0E:dX0kt+Lm5R

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

43.136.244.24:9987

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Blocklisted process makes network request 8 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2646e519ee58312ca55f02f6cbfa1088591477427b02aad97edc35211906354e.dll,#1
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:968
    • C:\Windows\system32\rundll32.exe
      rundll32.exe
      2⤵
      • Blocklisted process makes network request
      PID:4920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4920-0-0x000001F53BEF0000-0x000001F53BEF1000-memory.dmp

    Filesize

    4KB

    Download