metasploit | 3a3640de82c31297d90deaf715bb6510180997d328fe46e152d34ec6fefc2a2b

Analysis

max time kernel
93s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-11-2024 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a3640de82c31297d90deaf715bb6510180997d328fe46e152d34ec6fefc2a2b.exe
Size

14KB
MD5

a5a3c26fedfec77063103fa706a8a3f7
SHA1

89b3bf18440c517c5064d189258254d3fafce041
SHA256

3a3640de82c31297d90deaf715bb6510180997d328fe46e152d34ec6fefc2a2b
SHA512

c1c24a1546b0c6b315c873c0371ffb9e8ae98721c2169446e89375026e983eb8a4a7db04460ae44871eb2789e0c91712e4de02bdbad14ce824d4f3259a217d35
SSDEEP

192:63mbPYCfMcrfOIuZmvKQxtzlSIVX6NOhVWPJFcejDMN1:xMCfrfQ6tBSIlWPTceUN1

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://192.168.198.141:8888/nrC9

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3a3640de82c31297d90deaf715bb6510180997d328fe46e152d34ec6fefc2a2b.exe

C:\Users\Admin\AppData\Local\Temp\3a3640de82c31297d90deaf715bb6510180997d328fe46e152d34ec6fefc2a2b.exe
"C:\Users\Admin\AppData\Local\Temp\3a3640de82c31297d90deaf715bb6510180997d328fe46e152d34ec6fefc2a2b.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1572-0-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/1572-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1572-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download