Overview

overview

10

Static

static

8

796409250c...e5.xls

windows7-x64

10

796409250c...e5.xls

windows10-2004-x64

10

Analysis

  • max time kernel
    50s
  • max time network
    60s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-11-2024 21:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    796409250cfb873f26a814361b5c27c030b5f8e4afc5bba11a9866ab61ba15e5.xls

  • Size

    57KB

  • MD5

    350628b96da81b057576d8fdf76ee672

  • SHA1

    a8a9e74fbfec12985d4623c5895602ebed90af5f

  • SHA256

    796409250cfb873f26a814361b5c27c030b5f8e4afc5bba11a9866ab61ba15e5

  • SHA512

    935a53d82fc96c408e10ee8d41c93d16f16b404bb3f53da679679703de95a27615d7e6a06466de6ac05f88b233c27818e14a4a37be3f888aa56812f705446d99

  • SSDEEP

    1536:qXk3hbdlylKsgqopeJBWhZFGkE+cL2NdANcw+pmgaCI2S:qXk3hbdlylKsgqopeJBWhZFGkE+cL2N8

Score
10/10
metasploitbackdoordiscoverytrojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://192.168.122.181:4444/Z5fVFI8ZO_ePmY6Y6r2OMAPLsk9oL1gmxjeNy

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\796409250cfb873f26a814361b5c27c030b5f8e4afc5bba11a9866ab61ba15e5.xls
    1⤵
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2012-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2012-1-0x0000000073CED000-0x0000000073CF8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2012-15-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2012-14-0x00000000060A0000-0x00000000060A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2012-13-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2012-12-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2012-16-0x0000000073CED000-0x0000000073CF8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2012-17-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2012-18-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

    Download