Overview

overview

10

Static

static

10

windows-encoded.exe

windows7-x64

10

windows-encoded.exe

windows10-2004-x64

10

Resubmissions

04/10/2024, 15:22

241004-sr8taavhrd 10

Analysis

  • max time kernel
    16s
  • max time network
    1s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04/10/2024, 15:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    windows-encoded.exe

  • Size

    72KB

  • MD5

    aff874776473aaa45ed321e4fa146f3d

  • SHA1

    fbb2d343b4f60501922758b1f8113c930d4508ee

  • SHA256

    77af575567800a7dc1a6e7c75c0d133e6d94b8929bb9c3b4fa696430535549c4

  • SHA512

    26bd612f26b6ccdf89c1b3090e951fa3c52ce493b39501aaef59bc08b1717b83a811ca57ecfb5fd73d1dcd9c966b7e2b59fcc6ab32279ebe67ceffa7a908844e

  • SSDEEP

    1536:IxgpeA0gpxp1eFJM38IN5r+9KzhZ5iMb+KR0Nc8QsJq39:Ag8A0OxT4Szr+oz8e0Nc8QsC9

Score
10/10
metasploitbackdoordiscoverytrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\windows-encoded.exe
    "C:\Users\Admin\AppData\Local\Temp\windows-encoded.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2388

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2388-0-0x0000000000020000-0x0000000000021000-memory.dmp

          Filesize

          4KB

          Download