metasploit | 4ed768c6478720f2f50bc783f544bfa89cbb3d2423f2b9b2c712add5790fdd64

Analysis

max time kernel
105s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2024 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ed768c6478720f2f50bc783f544bfa89cbb3d2423f2b9b2c712add5790fdd64.exe
Size

144KB
MD5

576c0a7deb77d3c0eecc5d1bb1dab687
SHA1

f1a1093fb82da78829dd022e18b6c3e5a2c8a297
SHA256

4ed768c6478720f2f50bc783f544bfa89cbb3d2423f2b9b2c712add5790fdd64
SHA512

e270ac94788c84c6e10dc7e9d83530033c5aa41bf512a9301e7c1b38f6d3dd66ddf1ec1689f05b8b16dcb8574c1cf51905734cccb4628612fea6905ed7ed0c20
SSDEEP

3072:IrnoUZLfzB2CMe0Nc8QsCxXff206RiAM65vp0Oi2Me73g:IrnoUl92CX0Nc8Qs4X320F65RH7w

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4ed768c6478720f2f50bc783f544bfa89cbb3d2423f2b9b2c712add5790fdd64.exe

C:\Users\Admin\AppData\Local\Temp\4ed768c6478720f2f50bc783f544bfa89cbb3d2423f2b9b2c712add5790fdd64.exe
"C:\Users\Admin\AppData\Local\Temp\4ed768c6478720f2f50bc783f544bfa89cbb3d2423f2b9b2c712add5790fdd64.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3644-0-0x0000000000870000-0x0000000000871000-memory.dmp

Filesize
4KB

Download