metasploit | 4434e5b7bbd577a0119ddbacb11744a63299646f4b61efebd83e3ef8fb75f49f | Triage

Submit
Reports

Overview

overview

Static

static

8

4434e5b7bb...9f.doc

windows7-x64

4434e5b7bb...9f.doc

windows10-2004-x64

1

Sharing

General

Target

4434e5b7bbd577a0119ddbacb11744a63299646f4b61efebd83e3ef8fb75f49f
Size

48KB
Sample

241205-1hbfeszken
MD5

33ef79ab8673ac5c7c054b354592b4be
SHA1

cd5c58905c31753f2bc2920053b85de4835fae86
SHA256

4434e5b7bbd577a0119ddbacb11744a63299646f4b61efebd83e3ef8fb75f49f
SHA512

3e8e9572fdaa43df2a7a1ac35985e3a391c4c792db8ff87ccc1c97a14cd17c5cecb04f310f78549d7071008a9b8e73cb848ada677b232a59d4017c63e95ab9bd
SSDEEP

768:LRvwmGuySd63lKBrXlLNO0al7RC4nFF+p0jC+:LVtYSnr1BfiRCEF+pJ+

Score

10^/10

metasploit backdoor discovery execution macro macro_on_action trojan

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

4434e5b7bbd577a0119ddbacb11744a63299646f4b61efebd83e3ef8fb75f49f.doc

Resource

win7-20240708-en

metasploit backdoor discovery execution trojan

windows7-x64

13 signatures

60 seconds

Behavioral task

behavioral2

Sample

4434e5b7bbd577a0119ddbacb11744a63299646f4b61efebd83e3ef8fb75f49f.doc

Resource

win10v2004-20241007-en

windows10-2004-x64

4 signatures

60 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://pastebin.com/raw/5x1V0wCG

Extracted

Family

metasploit

Version

windows/exec

Targets

- Target
  
  4434e5b7bbd577a0119ddbacb11744a63299646f4b61efebd83e3ef8fb75f49f
- Size
  
  48KB
- MD5
  
  33ef79ab8673ac5c7c054b354592b4be
- SHA1
  
  cd5c58905c31753f2bc2920053b85de4835fae86
- SHA256
  
  4434e5b7bbd577a0119ddbacb11744a63299646f4b61efebd83e3ef8fb75f49f
- SHA512
  
  3e8e9572fdaa43df2a7a1ac35985e3a391c4c792db8ff87ccc1c97a14cd17c5cecb04f310f78549d7071008a9b8e73cb848ada677b232a59d4017c63e95ab9bd
- SSDEEP
  
  768:LRvwmGuySd63lKBrXlLNO0al7RC4nFF+p0jC+:LVtYSnr1BfiRCEF+pJ+
Score

10^/10

metasploit backdoor discovery execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

metasploitbackdoordiscoveryexecutiontrojan

behavioral2

© 2018-2025

Terms | Privacy