metasploit | 3803193eff523d185cad40191f9e198f8bfbb945db6fd651b79c17ed7ceeff4a

Analysis

max time kernel
115s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/11/2024, 04:59

Target

3803193eff523d185cad40191f9e198f8bfbb945db6fd651b79c17ed7ceeff4aN.exe
Size

8KB
MD5

775ffa5605e9f10b6ca6de5d2e457d50
SHA1

40f61d8ac05350599a3f58b72e9c053ab62798a4
SHA256

3803193eff523d185cad40191f9e198f8bfbb945db6fd651b79c17ed7ceeff4a
SHA512

38320309ac76061ab8e2ac70e922a365e154e36930184c8728e8f1c429671ab39afd4a02067f62987d2953ce5bc59df7f0e1466d7f93c4dbbd44bb12f4fc592f
SSDEEP

96:a6VlIAG+fmy0gzK110ZmfAooYSaFfCiQnHSFYgfNXhsIiWo5xF8LnHLJMLzLIzNt:a6VAwQaZmmgaFnH4YgVhszvezFMHW

Score

10^/10

Family

metasploit

Version

metasploit_stager

192.168.163.151:8080

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 4648	2740	3803193eff523d185cad40191f9e198f8bfbb945db6fd651b79c17ed7ceeff4aN.exe	95
PID 2740 wrote to memory of 4648	2740	3803193eff523d185cad40191f9e198f8bfbb945db6fd651b79c17ed7ceeff4aN.exe	95
PID 2740 wrote to memory of 4648	2740	3803193eff523d185cad40191f9e198f8bfbb945db6fd651b79c17ed7ceeff4aN.exe	95

C:\Users\Admin\AppData\Local\Temp\3803193eff523d185cad40191f9e198f8bfbb945db6fd651b79c17ed7ceeff4aN.exe
"C:\Users\Admin\AppData\Local\Temp\3803193eff523d185cad40191f9e198f8bfbb945db6fd651b79c17ed7ceeff4aN.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2740
- \??\c:\windows\system32\svchost.exe
  c:\windows\system32\svchost.exe
  2⤵
  PID:4648

memory/2740-1-0x00007FFEBA843000-0x00007FFEBA845000-memory.dmp

Filesize
8KB

Download
memory/2740-0-0x000001D060D20000-0x000001D060D26000-memory.dmp

Filesize
24KB

Download