metasploit | 733cdad5a5b10271f703049f46c2881d3dd13cbf172800b755fcfefe509bc144

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2024 00:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

733cdad5a5b10271f703049f46c2881d3dd13cbf172800b755fcfefe509bc144.exe
Size

72KB
MD5

cd96b2ce9132cac1b7afd45bb48ac115
SHA1

eac7c25212467b802dfce01bee49961841af8086
SHA256

733cdad5a5b10271f703049f46c2881d3dd13cbf172800b755fcfefe509bc144
SHA512

36cca7e922b3e3055b8ee92c86c5fcf28a9b51ade5f90c45783160a95750edb7e3cf1bf3be92e6e411338b51e9b7455493a2057f517981aabc1ca54515d5aa44
SSDEEP

1536:II1HGtEOlbCbRBlCrBqF+ZqDASqi9Zw9GDMb+KR0Nc8QsJq39:BlIEORCtBErxkc7+e0Nc8QsC9

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.1.1:4444

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

733cdad5a5b10271f703049f46c2881d3dd13cbf172800b755fcfefe509bc144.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	733cdad5a5b10271f703049f46c2881d3dd13cbf172800b755fcfefe509bc144.exe

C:\Users\Admin\AppData\Local\Temp\733cdad5a5b10271f703049f46c2881d3dd13cbf172800b755fcfefe509bc144.exe
"C:\Users\Admin\AppData\Local\Temp\733cdad5a5b10271f703049f46c2881d3dd13cbf172800b755fcfefe509bc144.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/520-0-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download