metasploit | c4240aff9825d33bc05f6d7199def3602da2df8c3600e7c642bc25464f46510d

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 09:24

Target

c4240aff9825d33bc05f6d7199def3602da2df8c3600e7c642bc25464f46510d.exe
Size

42KB
MD5

0c0f7323c35ece5a6643d35d85e5cb43
SHA1

e8f861669ca4c421c540be81a0ae8e9cc4dd9fd0
SHA256

c4240aff9825d33bc05f6d7199def3602da2df8c3600e7c642bc25464f46510d
SHA512

d8735d0a1d54e91e59b8e6045d8be87fc55c8362fadccbd9103c5be2680a26098e94b01c6faf05c8172b99a220d7e7a8e7170a05bc16270f27e2fd510ed8b297
SSDEEP

384:MEHfFCjt8RcCwvvSA7wlVCWvHisVG+CVlk4Md9NiRh:Mgtm8RcCs64w2WvHO+AlkDN4h

Score

10^/10

Family

metasploit

Version

encoder/shikata_ga_nai

Family

metasploit

Version

windows/reverse_tcp

192.168.9.131:3333

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2144	2196	c4240aff9825d33bc05f6d7199def3602da2df8c3600e7c642bc25464f46510d.exe	31
PID 2196 wrote to memory of 2144	2196	c4240aff9825d33bc05f6d7199def3602da2df8c3600e7c642bc25464f46510d.exe	31
PID 2196 wrote to memory of 2144	2196	c4240aff9825d33bc05f6d7199def3602da2df8c3600e7c642bc25464f46510d.exe	31

C:\Users\Admin\AppData\Local\Temp\c4240aff9825d33bc05f6d7199def3602da2df8c3600e7c642bc25464f46510d.exe
"C:\Users\Admin\AppData\Local\Temp\c4240aff9825d33bc05f6d7199def3602da2df8c3600e7c642bc25464f46510d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2196 -s 36
  2⤵
  PID:2144

memory/2196-0-0x000000013FE50000-0x000000013FE5D000-memory.dmp

Filesize
52KB

Download