metasploit | 0381450dfb91ad9945826294e952373478d0a45994b2987e888edfa973990d92

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 03:02

Target

0381450dfb91ad9945826294e952373478d0a45994b2987e888edfa973990d92N.exe
Size

2.0MB
MD5

c468df5c05e0e2f8bf9587d52715f290
SHA1

f0bbd38c1cf956f52993e03336b0cf3e8aa1ca08
SHA256

0381450dfb91ad9945826294e952373478d0a45994b2987e888edfa973990d92
SHA512

a0336f090a1c3d6d18cab1c5fd4ae7abf8a7b79a28dfd764de7b8f92af32f7ea54c5fcb939a860109310eb033c3ce1f6131bd0d9da61b6f09b671f467f3eceb7
SSDEEP

49152:kzBQwqEAJs/6zVnrQHKOLS8ed0MzjkxwF:iyTQHKOmd0MzjkxwF

Score

10^/10

Family

metasploit

Version

encoder/shikata_ga_nai

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

0381450dfb91ad9945826294e952373478d0a45994b2987e888edfa973990d92N.exe

description	pid	process	target process
PID 2508 wrote to memory of 2484	2508	0381450dfb91ad9945826294e952373478d0a45994b2987e888edfa973990d92N.exe	WerFault.exe
PID 2508 wrote to memory of 2484	2508	0381450dfb91ad9945826294e952373478d0a45994b2987e888edfa973990d92N.exe	WerFault.exe
PID 2508 wrote to memory of 2484	2508	0381450dfb91ad9945826294e952373478d0a45994b2987e888edfa973990d92N.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\0381450dfb91ad9945826294e952373478d0a45994b2987e888edfa973990d92N.exe
"C:\Users\Admin\AppData\Local\Temp\0381450dfb91ad9945826294e952373478d0a45994b2987e888edfa973990d92N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2508 -s 84
  2⤵
  PID:2484

memory/2508-0-0x0000000001DA0000-0x0000000001DD2000-memory.dmp

Filesize
200KB

Download
memory/2508-1-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download