metasploit | 9724a3b9cbfe7f209ffda452e8fc8e3cbfd5b7f38c5149453760868dc6aabbfe

Analysis

max time kernel
100s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-11-2024 23:24

Target

9724a3b9cbfe7f209ffda452e8fc8e3cbfd5b7f38c5149453760868dc6aabbfeN.exe
Size

898KB
MD5

298694c454b1b6977f4f0ee1464df800
SHA1

f28f8ae5350d1086475706d2f2dbe6c18d64c7da
SHA256

9724a3b9cbfe7f209ffda452e8fc8e3cbfd5b7f38c5149453760868dc6aabbfe
SHA512

df45d0bf74ef29aaaedf441206d574c9b95255b8523c288c3bb0216b08856bcf38a78a299dba13e8918e027a3d9bde478e3e7f5f5f7bad9bca7d27a902d501e6
SSDEEP

24576:21+hn0CHRV8uiETwwfOCxjnD/WxPds0dIZorWQ4ad50yCj2hU:V5RV8uiFpULD/WxFs0WZorn4a4yC1

Score

10^/10

Family

metasploit

Version

encoder/shikata_ga_nai

Family

metasploit

Version

windows/reverse_tcp

192.168.0.7:4444

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2928-0-0x0000000140000000-0x000000014011F000-memory.dmp	upx
behavioral2/memory/2928-1-0x0000000140000000-0x000000014011F000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\9724a3b9cbfe7f209ffda452e8fc8e3cbfd5b7f38c5149453760868dc6aabbfeN.exe
"C:\Users\Admin\AppData\Local\Temp\9724a3b9cbfe7f209ffda452e8fc8e3cbfd5b7f38c5149453760868dc6aabbfeN.exe"
1⤵
PID:2928

memory/2928-0-0x0000000140000000-0x000000014011F000-memory.dmp

Filesize
1.1MB

Download
memory/2928-1-0x0000000140000000-0x000000014011F000-memory.dmp

Filesize
1.1MB

Download