metasploit | 9acbe2b60e6d204f1ff0bc726532a1ec74d0005d29ca23a895fd8dd7f1a1993c

Analysis

max time kernel
105s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9acbe2b60e6d204f1ff0bc726532a1ec74d0005d29ca23a895fd8dd7f1a1993cN.exe
Size

72KB
MD5

7539e670bbd7e21e235da975baeb0330
SHA1

66136f8772a0c6a0723ce270fb5d20fe72fd3e30
SHA256

9acbe2b60e6d204f1ff0bc726532a1ec74d0005d29ca23a895fd8dd7f1a1993c
SHA512

4e8523fdee44e20178c76e741c8de32a63b0641d38ac3ac11935892f748df912337f33f1894ed9377c80eeb46b53615756106825c051cff866fa773a4b8cda8c
SSDEEP

1536:Ij2aR2mabA7wQtSUgMsnRYreuqMb+KR0Nc8QsJq39:saBQotRsNqe0Nc8QsC9

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9acbe2b60e6d204f1ff0bc726532a1ec74d0005d29ca23a895fd8dd7f1a1993cN.exe

C:\Users\Admin\AppData\Local\Temp\9acbe2b60e6d204f1ff0bc726532a1ec74d0005d29ca23a895fd8dd7f1a1993cN.exe
"C:\Users\Admin\AppData\Local\Temp\9acbe2b60e6d204f1ff0bc726532a1ec74d0005d29ca23a895fd8dd7f1a1993cN.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3352-0-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download