metasploit | 965b4a21ff439f369658e8e1be32d7f2c5bba5aeed9e4280aa229171ab1cd684

Analysis

max time kernel
105s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2024 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

965b4a21ff439f369658e8e1be32d7f2c5bba5aeed9e4280aa229171ab1cd684N.exe
Size

72KB
MD5

a4ac79e8b38eff240258fd52c1ce1030
SHA1

8c39bddc8e0747c36554d44fe526ff66c27f66f3
SHA256

965b4a21ff439f369658e8e1be32d7f2c5bba5aeed9e4280aa229171ab1cd684
SHA512

0f249b7feed32c1194e1b31bf5b73b2bf86c32f4fb785e5e74d91bacf2d11258e3b53e0bc3ac7e9f7d491b738df20420eb74122bef192562011097074b93dc3b
SSDEEP

1536:IHPVigSAUzRPXOpIhKfG/Wwc1ENMb+KR0Nc8QsJq39:6PVaAk+pTfG/Wx0e0Nc8QsC9

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.115.130:4444

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	965b4a21ff439f369658e8e1be32d7f2c5bba5aeed9e4280aa229171ab1cd684N.exe

C:\Users\Admin\AppData\Local\Temp\965b4a21ff439f369658e8e1be32d7f2c5bba5aeed9e4280aa229171ab1cd684N.exe
"C:\Users\Admin\AppData\Local\Temp\965b4a21ff439f369658e8e1be32d7f2c5bba5aeed9e4280aa229171ab1cd684N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/924-0-0x0000000000420000-0x0000000000421000-memory.dmp

Filesize
4KB

Download