metasploit | 80bb70b192c18729f94ab26689d4884130909b6d7d34100b901dc153fd73f70b

Analysis

max time kernel
115s
max time network
119s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80bb70b192c18729f94ab26689d4884130909b6d7d34100b901dc153fd73f70bN.exe
Size

72KB
MD5

f8d61826b194dcb1a2bff00ac0612e10
SHA1

6cddda7bbf3db56fc6912479498be3d08bcf9032
SHA256

80bb70b192c18729f94ab26689d4884130909b6d7d34100b901dc153fd73f70b
SHA512

2a55742b2cb22e1a7b2efa5a3fb5e1238b5ca42add2befa63f0ac0ba1ee97d8ecded7dca790be4bb1100d532f903ab0dca6e78b15537d499ef7e92f502df98b0
SSDEEP

1536:IA1/RjlIWr2rW1FGDphgd5QqPCPMxRIMb+KR0Nc8QsJq39:rRgEaUd5lCPde0Nc8QsC9

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	80bb70b192c18729f94ab26689d4884130909b6d7d34100b901dc153fd73f70bN.exe

C:\Users\Admin\AppData\Local\Temp\80bb70b192c18729f94ab26689d4884130909b6d7d34100b901dc153fd73f70bN.exe
"C:\Users\Admin\AppData\Local\Temp\80bb70b192c18729f94ab26689d4884130909b6d7d34100b901dc153fd73f70bN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2216-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download