Overview

overview

10

Static

static

10

f0a4d54bc2...bd.exe

windows7-x64

10

f0a4d54bc2...bd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-12-2024 19:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f0a4d54bc278c020501357a199f70937e0b55f28d1bc6de011584a67ef806dbd.exe

  • Size

    2.5MB

  • MD5

    ef80fc93975e76891198ab104d4e2728

  • SHA1

    821be0463fd703cb80a5c34a95089689c8dba7c8

  • SHA256

    f0a4d54bc278c020501357a199f70937e0b55f28d1bc6de011584a67ef806dbd

  • SHA512

    d451c19d89523200233b0931f341156f3a6412b6ce136af70af85c202450aa14a26108bf914a9a91f8b5b28c9a54e438b4be2203a57165ae41b188d069cdd688

  • SSDEEP

    49152:Lb6Eir9RQeKV1oWCt0d2RyD3iJKubsISTb/am5B8y6sEUhSSwhUPMub:ynLLzWCud2JnbsIW/amj8yF8Sp

Score
10/10
metasploitbackdoordiscoverytrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Program crash 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\f0a4d54bc278c020501357a199f70937e0b55f28d1bc6de011584a67ef806dbd.exe
    "C:\Users\Admin\AppData\Local\Temp\f0a4d54bc278c020501357a199f70937e0b55f28d1bc6de011584a67ef806dbd.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2084
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 512
      2⤵
      • Program crash
      PID:4216
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 524
      2⤵
      • Program crash
      PID:2640
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 552
      2⤵
      • Program crash
      PID:1224
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2084 -ip 2084
    1⤵
      PID:2848
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2084 -ip 2084
      1⤵
        PID:4248
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2084 -ip 2084
        1⤵
          PID:64

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2084-0-0x00000000006B0000-0x00000000006BF000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2084-1-0x00000000006B0000-0x00000000006BF000-memory.dmp

          Filesize

          60KB

          Download