metasploit | f30aee4f266fe3ec04614e245a54600692a5e8f943d71dffea3657daf900acc9

Analysis

max time kernel
95s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f30aee4f266fe3ec04614e245a54600692a5e8f943d71dffea3657daf900acc9.exe
Size

12KB
MD5

610d1eee3512db8fbce3627397394bf8
SHA1

b1fddd17fff06cbd2e2f81a9dbbadccb61b14abc
SHA256

f30aee4f266fe3ec04614e245a54600692a5e8f943d71dffea3657daf900acc9
SHA512

172a02eb8b975c373aac3106ab10c68501e302086e7c4033de9214340a54409d90b715c28d132e1bb9fd589988b18501d5ee553a900a3b11dffd2b7f55ffa31b
SSDEEP

192:y6D1XecoU5bzY3j/DdrjjOiOHuRPnRo9kRqbY7E5pz66YNW:y4IcoaC/JrjjvOH+PW9kn7VW

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://192.168.238.139:1122/MVPi

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f30aee4f266fe3ec04614e245a54600692a5e8f943d71dffea3657daf900acc9.exe

C:\Users\Admin\AppData\Local\Temp\f30aee4f266fe3ec04614e245a54600692a5e8f943d71dffea3657daf900acc9.exe
"C:\Users\Admin\AppData\Local\Temp\f30aee4f266fe3ec04614e245a54600692a5e8f943d71dffea3657daf900acc9.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2428-0-0x00000000003E0000-0x00000000003F0000-memory.dmp

Filesize
64KB

Download