metasploit | 0e9d3897f9041d782db9d6bd23ca1b17f5f854ebc9ed5b64fff8d7d53dacf221

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e9d3897f9041d782db9d6bd23ca1b17f5f854ebc9ed5b64fff8d7d53dacf221.exe
Size

749KB
MD5

2b7df1c4fe3b9006c21dba0ffae5e044
SHA1

167e162d881341a0f0bc64901591e3f525c907ba
SHA256

0e9d3897f9041d782db9d6bd23ca1b17f5f854ebc9ed5b64fff8d7d53dacf221
SHA512

72aacfc12f24608225e379a747c320759c046de07cc971c5493628f2ddab93a74f2cde293ac5dcfd2fe95a4f42f5b001b06a6a8038dbb9069ccaa4be10189ce4
SSDEEP

12288:peqW86Tf7xglFIV/4Zf8FkKBPFrmtJxv/znLABkeGevRcAqn9LqgqmlrexDvBIRq:pV6fxg7IeEOKXrmtJx3rLABk1eFElrep

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

10.31.19.65:4444

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0e9d3897f9041d782db9d6bd23ca1b17f5f854ebc9ed5b64fff8d7d53dacf221.exe

C:\Users\Admin\AppData\Local\Temp\0e9d3897f9041d782db9d6bd23ca1b17f5f854ebc9ed5b64fff8d7d53dacf221.exe
"C:\Users\Admin\AppData\Local\Temp\0e9d3897f9041d782db9d6bd23ca1b17f5f854ebc9ed5b64fff8d7d53dacf221.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4780-1-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download
memory/4780-0-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download