Malware Analysis Report

2025-04-03 18:01

Sample ID 241109-s5kcvaxcrf
Target b92b2cd389f6e0d7a6df782c8e542d44d9eabc296111990739021d17418db25dN
SHA256 b92b2cd389f6e0d7a6df782c8e542d44d9eabc296111990739021d17418db25d
Tags
metasploit backdoor trojan discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b92b2cd389f6e0d7a6df782c8e542d44d9eabc296111990739021d17418db25d

Threat Level: Known bad

The file b92b2cd389f6e0d7a6df782c8e542d44d9eabc296111990739021d17418db25dN was found to be: Known bad.

Malicious Activity Summary

metasploit backdoor trojan discovery

Metasploit family

MetaSploit

Unsigned PE

Program crash

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 15:42

Signatures

Metasploit family

metasploit

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 15:42

Reported

2024-11-09 15:44

Platform

win7-20241010-en

Max time kernel

110s

Max time network

116s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b92b2cd389f6e0d7a6df782c8e542d44d9eabc296111990739021d17418db25dN.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Metasploit family

metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\b92b2cd389f6e0d7a6df782c8e542d44d9eabc296111990739021d17418db25dN.exe

"C:\Users\Admin\AppData\Local\Temp\b92b2cd389f6e0d7a6df782c8e542d44d9eabc296111990739021d17418db25dN.exe"

Network

Country Destination Domain Proto
N/A 192.168.122.130:444 tcp

Files

memory/2500-0-0x0000000000030000-0x0000000000031000-memory.dmp

memory/2500-1-0x0000000000400000-0x000000000041D000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-09 15:42

Reported

2024-11-09 15:44

Platform

win10v2004-20241007-en

Max time kernel

110s

Max time network

114s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b92b2cd389f6e0d7a6df782c8e542d44d9eabc296111990739021d17418db25dN.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Metasploit family

metasploit

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b92b2cd389f6e0d7a6df782c8e542d44d9eabc296111990739021d17418db25dN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b92b2cd389f6e0d7a6df782c8e542d44d9eabc296111990739021d17418db25dN.exe

"C:\Users\Admin\AppData\Local\Temp\b92b2cd389f6e0d7a6df782c8e542d44d9eabc296111990739021d17418db25dN.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2628 -ip 2628

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240

Network

Country Destination Domain Proto
N/A 192.168.122.130:444 tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

memory/2628-0-0x00000000001E0000-0x00000000001E1000-memory.dmp

memory/2628-1-0x0000000000400000-0x000000000041D000-memory.dmp