metasploit | e789a8c169b76ba481cc19432489a4ad139695ed4945b42dfe5a1d7530d27be7

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 00:49

Target

e789a8c169b76ba481cc19432489a4ad139695ed4945b42dfe5a1d7530d27be7.exe
Size

12KB
MD5

815bd9cf7afc72e0d1141709fca53491
SHA1

bc32bdb78cb9b1dde10fe7d78753bcacb6bb67d1
SHA256

e789a8c169b76ba481cc19432489a4ad139695ed4945b42dfe5a1d7530d27be7
SHA512

15b71c67b3b9e833b4fa54143e6def527a2014d6f130e28e72d97186770f969354963df094267cad84c8ca600bed6e41925921a834cadd8a2f728250e2411bc6
SSDEEP

192:ndReCMTlBKJgqg/r61UElVuFAUVO+WTHgi2JWkBzV0y23:dETlwuEUiABVWTeEkBWy+

Score

10^/10

Family

metasploit

Version

metasploit_stager

192.168.241.129:4444

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2160	2076	e789a8c169b76ba481cc19432489a4ad139695ed4945b42dfe5a1d7530d27be7.exe	30
PID 2076 wrote to memory of 2160	2076	e789a8c169b76ba481cc19432489a4ad139695ed4945b42dfe5a1d7530d27be7.exe	30
PID 2076 wrote to memory of 2160	2076	e789a8c169b76ba481cc19432489a4ad139695ed4945b42dfe5a1d7530d27be7.exe	30

C:\Users\Admin\AppData\Local\Temp\e789a8c169b76ba481cc19432489a4ad139695ed4945b42dfe5a1d7530d27be7.exe
"C:\Users\Admin\AppData\Local\Temp\e789a8c169b76ba481cc19432489a4ad139695ed4945b42dfe5a1d7530d27be7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2076 -s 520
  2⤵
  PID:2160

memory/2076-0-0x000007FEF50F3000-0x000007FEF50F4000-memory.dmp

Filesize
4KB

Download
memory/2076-1-0x0000000000360000-0x000000000036A000-memory.dmp

Filesize
40KB

Download
memory/2076-2-0x0000000000240000-0x0000000000244278-memory.dmp

Filesize
16KB

Download