metasploit | 7e015de2bfe5e42e20ae7b7722348083e2a35adf1056a40cc9ec9e89007bd56d

Analysis

max time kernel
96s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2024 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e015de2bfe5e42e20ae7b7722348083e2a35adf1056a40cc9ec9e89007bd56d.exe
Size

469KB
MD5

a1e674f23de3858f585d12349b2ff85a
SHA1

18876d23657979e09193a120d2af56eea7708475
SHA256

7e015de2bfe5e42e20ae7b7722348083e2a35adf1056a40cc9ec9e89007bd56d
SHA512

586c630e70ae2d5c171020d7c27dc8b5b9b1f07f1cf9404d0fbd73de32e903ab510540e018661cec56dba1e2095595da3c8623b4114304c19e2ada27cc64d08d
SSDEEP

6144:KBJQu8i2zdiJ2Z9238tXijuL4CJtrWR4cxCFwBAO4oe7QIy:KBJmi252MtXiju4WRckFwBKPQIy

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://58.215.145.98:443/collect/v2/

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7e015de2bfe5e42e20ae7b7722348083e2a35adf1056a40cc9ec9e89007bd56d.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3120	7e015de2bfe5e42e20ae7b7722348083e2a35adf1056a40cc9ec9e89007bd56d.exe
3120	7e015de2bfe5e42e20ae7b7722348083e2a35adf1056a40cc9ec9e89007bd56d.exe

C:\Users\Admin\AppData\Local\Temp\7e015de2bfe5e42e20ae7b7722348083e2a35adf1056a40cc9ec9e89007bd56d.exe
"C:\Users\Admin\AppData\Local\Temp\7e015de2bfe5e42e20ae7b7722348083e2a35adf1056a40cc9ec9e89007bd56d.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3120-4-0x0000000000DD0000-0x0000000000DD1000-memory.dmp

Filesize
4KB

Download