metasploit | cc1641d7d93355bdc1e7369b7177f7f44f7c431f8c01335283631d37b9a095c0

Analysis

max time kernel
142s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 09:20

Target

cc1641d7d93355bdc1e7369b7177f7f44f7c431f8c01335283631d37b9a095c0.exe
Size

42KB
MD5

5b4b97d943c96f04b84256f69bdc7987
SHA1

d2ab8b048b59a08c44182c9dc1073cd01fc5f45c
SHA256

cc1641d7d93355bdc1e7369b7177f7f44f7c431f8c01335283631d37b9a095c0
SHA512

9293457499311e74f585d800a6c17cbacf49cfac76dab2b534009512be2b52c847f55010ddf53058dcdef9d078f8682add50007efa6ad8315298af2ced28a0e9
SSDEEP

384:pEpfFCjt8RcCwyqpoSM7wlVCWwLC91WVNVlb4Md9NiRh:pKtm8RcCVqPEw2WwLFVDlbDN4h

Score

10^/10

Family

metasploit

Version

encoder/shikata_ga_nai

Family

metasploit

Version

metasploit_stager

192.168.9.131:3333

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2236	2352	cc1641d7d93355bdc1e7369b7177f7f44f7c431f8c01335283631d37b9a095c0.exe	30
PID 2352 wrote to memory of 2236	2352	cc1641d7d93355bdc1e7369b7177f7f44f7c431f8c01335283631d37b9a095c0.exe	30
PID 2352 wrote to memory of 2236	2352	cc1641d7d93355bdc1e7369b7177f7f44f7c431f8c01335283631d37b9a095c0.exe	30

C:\Users\Admin\AppData\Local\Temp\cc1641d7d93355bdc1e7369b7177f7f44f7c431f8c01335283631d37b9a095c0.exe
"C:\Users\Admin\AppData\Local\Temp\cc1641d7d93355bdc1e7369b7177f7f44f7c431f8c01335283631d37b9a095c0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2352 -s 36
  2⤵
  PID:2236

memory/2352-0-0x000000013FBD0000-0x000000013FBDD000-memory.dmp

Filesize
52KB

Download