metasploit | 1bdc650856d0cd7f21f0592eb70f67747f9ddea4c09e91118ae6c4d59c07f992

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-09-2024 18:30

Target

1bdc650856d0cd7f21f0592eb70f67747f9ddea4c09e91118ae6c4d59c07f992.exe
Size

274KB
MD5

76aa650928178afd3cfeabc23b8b4074
SHA1

c08297db120619ddcbaa3edc994f733c13ea5b85
SHA256

1bdc650856d0cd7f21f0592eb70f67747f9ddea4c09e91118ae6c4d59c07f992
SHA512

2a9233800ca1996c4ad2084ca59eb65ad0231e19e028d8c5d65ea99dd99d67d13ee6d91b3a5b67427a3c200cb269fcd5c939d72787f1bad89ed7af6bddf5a89f
SSDEEP

3072:UYRo4BWQ+bJ55IUpzqm1r8J+g2RJY9bC+KRZE6JNlhbxW9u3:UYAJ55IUpORx2LxtE6VhbxWk

Score

10^/10

Family

metasploit

Version

metasploit_stager

192.168.110.138:8080

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2108	3012	1bdc650856d0cd7f21f0592eb70f67747f9ddea4c09e91118ae6c4d59c07f992.exe	31
PID 3012 wrote to memory of 2108	3012	1bdc650856d0cd7f21f0592eb70f67747f9ddea4c09e91118ae6c4d59c07f992.exe	31
PID 3012 wrote to memory of 2108	3012	1bdc650856d0cd7f21f0592eb70f67747f9ddea4c09e91118ae6c4d59c07f992.exe	31

C:\Users\Admin\AppData\Local\Temp\1bdc650856d0cd7f21f0592eb70f67747f9ddea4c09e91118ae6c4d59c07f992.exe
"C:\Users\Admin\AppData\Local\Temp\1bdc650856d0cd7f21f0592eb70f67747f9ddea4c09e91118ae6c4d59c07f992.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3012 -s 36
  2⤵
  PID:2108

memory/3012-0-0x000000013F730000-0x000000013F78B000-memory.dmp

Filesize
364KB

Download
memory/3012-1-0x000000013F730000-0x000000013F78B000-memory.dmp

Filesize
364KB

Download