metasploit | ccf57b26f850e951f8963de1859b347da7c45a2cc3b2873363285002a205677c | Triage

Submit
Reports

Overview

overview

Static

static

8

ccf57b26f8...7c.doc

windows7-x64

ccf57b26f8...7c.doc

windows10-2004-x64

Sharing

General

Target

ccf57b26f850e951f8963de1859b347da7c45a2cc3b2873363285002a205677c
Size

35KB
Sample

241206-1fjzsaymfx
MD5

988330297a4f3a8f5e805352395e343f
SHA1

af83c9ecc0848e3591d4f4a4ecea270e818ca65e
SHA256

ccf57b26f850e951f8963de1859b347da7c45a2cc3b2873363285002a205677c
SHA512

b952d12bb4771ff7a6c2e396275d11159a03e3eeb36a211951cfb8d933a4cb2c6129b80246a384d04e529431cf2c615b5ad3188de638864d7a810758d2beca18
SSDEEP

384:pSiSwvxjk+tbG3KyVJxfg0jkjH+pz/bT0f8XuJiFtq:pVxw+tgJxohjH+pHTl+4

Score

10^/10

metasploit backdoor discovery macro macro_on_action trojan

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

ccf57b26f850e951f8963de1859b347da7c45a2cc3b2873363285002a205677c.doc

Resource

win7-20240708-en

metasploit backdoor discovery trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ccf57b26f850e951f8963de1859b347da7c45a2cc3b2873363285002a205677c.doc

Resource

win10v2004-20241007-en

metasploit backdoor trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

127.0.0.1:4444

Targets

- Target
  
  ccf57b26f850e951f8963de1859b347da7c45a2cc3b2873363285002a205677c
- Size
  
  35KB
- MD5
  
  988330297a4f3a8f5e805352395e343f
- SHA1
  
  af83c9ecc0848e3591d4f4a4ecea270e818ca65e
- SHA256
  
  ccf57b26f850e951f8963de1859b347da7c45a2cc3b2873363285002a205677c
- SHA512
  
  b952d12bb4771ff7a6c2e396275d11159a03e3eeb36a211951cfb8d933a4cb2c6129b80246a384d04e529431cf2c615b5ad3188de638864d7a810758d2beca18
- SSDEEP
  
  384:pSiSwvxjk+tbG3KyVJxfg0jkjH+pz/bT0f8XuJiFtq:pVxw+tgJxohjH+pHTl+4
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoortrojan

© 2018-2025

Terms | Privacy