Overview

overview

10

Static

static

10

something.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    38s
  • max time network
    42s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    06-11-2024 23:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    something.exe

  • Size

    72KB

  • MD5

    38b26f0b802d5e6001621122e0626419

  • SHA1

    d0d9894c2ebb6c4e58a3aa5e50625f08176d8d29

  • SHA256

    79411c0b2c877210039713a1d18947e81a5fae55ec290c3c0907410acc524365

  • SHA512

    23fc285574fc408567e1def1e727779fc8b84bc800a3b60be955b6003b1018c73c52da6843dac6b99445640966731174382f907cc11c07922cd3d79009a5f0df

  • SSDEEP

    1536:IEio0Gg3rrshkDAS4dKMCEM4LMX4HrZ2pwMK9D7Mb+KR0Nc8QsJq39:5Y93vyk0S4S744X4Awl7e0Nc8QsC9

Score
10/10
metasploitbackdoordiscoverytrojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

193.161.193.99:27429

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\something.exe
    "C:\Users\Admin\AppData\Local\Temp\something.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/536-0-0x0000000000970000-0x0000000000971000-memory.dmp

    Filesize

    4KB

    Download