Overview

overview

10

Static

static

3

6501bc44b2...e9.exe

windows7-x64

10

6501bc44b2...e9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    95s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-11-2024 08:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6501bc44b2fe7d86c889f1e9561061ed14796283f7212d77ac5d10a4c46a6ce9.exe

  • Size

    129KB

  • MD5

    6712ae0a24299f48a872da645421bcb7

  • SHA1

    53ebbaf02cba1390650e8cd1187e6f26dd95e436

  • SHA256

    6501bc44b2fe7d86c889f1e9561061ed14796283f7212d77ac5d10a4c46a6ce9

  • SHA512

    07b0db03b54f244f5c45394317af4f84cb092a384b1920d3d87101c1499032e10ac587de3ea3a6f173cceca8e18b981dbd441b2f002f9f3f565e7721b4a4ff69

  • SSDEEP

    3072:sz80+C+t9PIrMMRohG7TLV1Wmwj6jtMRvuDKbh:OTmIr1o4PLVMmMJGmbh

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://103.25.196.33:13772/D4qs

Attributes
  • headers User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6501bc44b2fe7d86c889f1e9561061ed14796283f7212d77ac5d10a4c46a6ce9.exe
    "C:\Users\Admin\AppData\Local\Temp\6501bc44b2fe7d86c889f1e9561061ed14796283f7212d77ac5d10a4c46a6ce9.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4008-4-0x0000024262ED0000-0x0000024262ED1000-memory.dmp

    Filesize

    4KB

    Download