metasploit | da2827adecfaa75a336ee2493d628febe1a036546d2335ec5652372691c673b8

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/11/2024, 08:11

Target

da2827adecfaa75a336ee2493d628febe1a036546d2335ec5652372691c673b8N.exe
Size

1.1MB
MD5

f2974a7bdb8ea1fb29453d4c4b574860
SHA1

eeee21a0c3e5a3c114549f59a41b715695b97e34
SHA256

da2827adecfaa75a336ee2493d628febe1a036546d2335ec5652372691c673b8
SHA512

b2d04d51c9964386a744fc94be5ecfbbcb37057a95243b18da76f159653994adaaa24a3b330c83569437134781b6899e29059659661e9ad7267ca133df645dc3
SSDEEP

12288:7H/TO8/yGMAduqioHfzEXh4O3YaFcyxR04gBxpD+uigkiBIna1:D/j/QA8qioH64yR04gBxkuiviBIa1

Score

10^/10

Family

metasploit

Version

windows/reverse_tcp

127.0.0.1:4444

Family

metasploit

Version

metasploit_stager

127.0.0.1:4444

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 4496	3176	da2827adecfaa75a336ee2493d628febe1a036546d2335ec5652372691c673b8N.exe	83
PID 3176 wrote to memory of 4496	3176	da2827adecfaa75a336ee2493d628febe1a036546d2335ec5652372691c673b8N.exe	83
PID 3176 wrote to memory of 4496	3176	da2827adecfaa75a336ee2493d628febe1a036546d2335ec5652372691c673b8N.exe	83

C:\Users\Admin\AppData\Local\Temp\da2827adecfaa75a336ee2493d628febe1a036546d2335ec5652372691c673b8N.exe
"C:\Users\Admin\AppData\Local\Temp\da2827adecfaa75a336ee2493d628febe1a036546d2335ec5652372691c673b8N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe
  2⤵
  PID:4496

memory/4496-0-0x000002364C7B0000-0x000002364C7B1000-memory.dmp

Filesize
4KB

Download