metasploit | f0ae5adb5310acd24ddc00df7e50dece0bd053583a2a58fc947643357d4277cc

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 12:15

Target

f0ae5adb5310acd24ddc00df7e50dece0bd053583a2a58fc947643357d4277cc.exe
Size

1.1MB
MD5

167346409784b3c5fef8569de4a48723
SHA1

c438e1eecd6594ebbbec1991192d581a238593e2
SHA256

f0ae5adb5310acd24ddc00df7e50dece0bd053583a2a58fc947643357d4277cc
SHA512

04d5f6a7acf873d43850b31467ef4f8583067b5d244364d93f0ff7a095e35381d341976153a2449cfcd7d44c3e98640de9d9e0a85dedbe7e518fe8f9f48515f6
SSDEEP

12288:Isgvhb0GxicRnVwyUqLA8otFELKtGw5cOcxzekm6A5QF/K:6h39/UqLAXtFELKtr5cbzhJA5sK

Score

10^/10

Family

metasploit

Version

encoder/shikata_ga_nai

Family

metasploit

Version

windows/reverse_tcp

192.168.246.130:8888

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2380	3068	f0ae5adb5310acd24ddc00df7e50dece0bd053583a2a58fc947643357d4277cc.exe	31
PID 3068 wrote to memory of 2380	3068	f0ae5adb5310acd24ddc00df7e50dece0bd053583a2a58fc947643357d4277cc.exe	31
PID 3068 wrote to memory of 2380	3068	f0ae5adb5310acd24ddc00df7e50dece0bd053583a2a58fc947643357d4277cc.exe	31

C:\Users\Admin\AppData\Local\Temp\f0ae5adb5310acd24ddc00df7e50dece0bd053583a2a58fc947643357d4277cc.exe
"C:\Users\Admin\AppData\Local\Temp\f0ae5adb5310acd24ddc00df7e50dece0bd053583a2a58fc947643357d4277cc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3068 -s 36
  2⤵
  PID:2380

memory/3068-0-0x0000000000400000-0x0000000000512000-memory.dmp

Filesize
1.1MB

Download