metasploit | 73bcfd130533d37048c4198fa57158ff30c005bd1b08f7f06afe067e555e5096

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-12-2024 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73bcfd130533d37048c4198fa57158ff30c005bd1b08f7f06afe067e555e5096.doc
Size

446KB
MD5

d8c4fa8f0039b50323e326878a2e8f44
SHA1

2630a910c038b044eb0fa987c76b4481d09a309b
SHA256

73bcfd130533d37048c4198fa57158ff30c005bd1b08f7f06afe067e555e5096
SHA512

97f61388e0c40d1520e7a26601ae5ec806ba02cdbbfa47ea4d2d915fb37956feff1dc7e8c7cd571321055ec79117072ac43a74c6dc5ebe233a0fb24ca23ca241
SSDEEP

6144:VYtw1e3FMH7ujugUPfZU4aIyAYyN5VIHG/epSr8/FibeUxYT8Z37Sx0eDGk7u:fy0

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

163.177.122.50:443

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4892	WINWORD.EXE
4892	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4892	WINWORD.EXE
4892	WINWORD.EXE

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4892	WINWORD.EXE
4892	WINWORD.EXE
4892	WINWORD.EXE
4892	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\73bcfd130533d37048c4198fa57158ff30c005bd1b08f7f06afe067e555e5096.doc" /o ""
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4892-1-0x00007FF8F4A30000-0x00007FF8F4A40000-memory.dmp

Filesize
64KB

Download
memory/4892-3-0x00007FF934A4D000-0x00007FF934A4E000-memory.dmp

Filesize
4KB

Download
memory/4892-4-0x00007FF8F4A30000-0x00007FF8F4A40000-memory.dmp

Filesize
64KB

Download
memory/4892-5-0x00007FF8F4A30000-0x00007FF8F4A40000-memory.dmp

Filesize
64KB

Download
memory/4892-2-0x00007FF8F4A30000-0x00007FF8F4A40000-memory.dmp

Filesize
64KB

Download
memory/4892-0-0x00007FF8F4A30000-0x00007FF8F4A40000-memory.dmp

Filesize
64KB

Download
memory/4892-8-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-9-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-7-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-6-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-10-0x00007FF8F21C0000-0x00007FF8F21D0000-memory.dmp

Filesize
64KB

Download
memory/4892-11-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-16-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-17-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-19-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-18-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-15-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-14-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-13-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-12-0x00007FF8F21C0000-0x00007FF8F21D0000-memory.dmp

Filesize
64KB

Download
memory/4892-37-0x000001B906220000-0x000001B906221000-memory.dmp

Filesize
4KB

Download
memory/4892-38-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-40-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download
memory/4892-39-0x00007FF9349B0000-0x00007FF934BA5000-memory.dmp

Filesize
2.0MB

Download