Overview

overview

10

Static

static

10

portmap.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    285s
  • max time network
    296s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    13-12-2024 16:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    portmap.exe

  • Size

    7KB

  • MD5

    0e226a7b63a798b23cc4892ed6f155c7

  • SHA1

    fa59f8b3c1f71f9d9b86a108b90a2ef8d50f66b1

  • SHA256

    87248e746376e5f7e97d758e5925e347d625a30750c74f82385900ae4fd7226e

  • SHA512

    ff311672876b0f00d6726a4ee21b0485e8f4549ddf40bcfdf98a4017b29038724ff6c6ec9b34b88ec465c9b15c5c07ae3368d537093c3a1a93a13237021a9a0e

  • SSDEEP

    24:eFGStrJ9u0/6/Rs2XnZd0BQAVAWc+AYKtRq31eNDMSeXixpmB:is04R3z0BQX+AYKM1SD9eS2B

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

10.9.8.194:49953

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit

Processes

  • C:\Users\Admin\AppData\Local\Temp\portmap.exe
    "C:\Users\Admin\AppData\Local\Temp\portmap.exe"
    1⤵
      PID:3588
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4628
      • C:\Users\Admin\AppData\Local\Temp\portmap.exe
        "C:\Users\Admin\AppData\Local\Temp\portmap.exe"
        1⤵
          PID:3172
        • C:\Users\Admin\AppData\Local\Temp\portmap.exe
          "C:\Users\Admin\AppData\Local\Temp\portmap.exe"
          1⤵
            PID:4584

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/3588-0-0x0000000140000000-0x0000000140004240-memory.dmp

            Filesize

            16KB

            Download

          • memory/3588-1-0x0000000140000000-0x0000000140004240-memory.dmp

            Filesize

            16KB

            Download