metasploit | 04f7368461477066880718cc07795e4edf7ac49895f0910125b5b51f9eb259c4

Analysis

max time kernel
105s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-12-2024 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04f7368461477066880718cc07795e4edf7ac49895f0910125b5b51f9eb259c4N.exe
Size

72KB
MD5

6c2eafb11640bcfbca0a4fe645a86d20
SHA1

bd842528dd7c0058cfd0c1f5558d83327f0abed0
SHA256

04f7368461477066880718cc07795e4edf7ac49895f0910125b5b51f9eb259c4
SHA512

bba002c749324c7f7a9a16bc0ed73676627b55daf926d72e5e06abfce6a1219a4ecc6bbbff4c1c8b5ee2d407f881c94de37c64f85668c9da7b4948c6cd5eb3ff
SSDEEP

1536:IpcphT82hqH5JPKWnWfz+zg5XMb+KR0Nc8QsJq39:wKvhqH5Z1nWaWXe0Nc8QsC9

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

172.20.223.100:5551

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	04f7368461477066880718cc07795e4edf7ac49895f0910125b5b51f9eb259c4N.exe

C:\Users\Admin\AppData\Local\Temp\04f7368461477066880718cc07795e4edf7ac49895f0910125b5b51f9eb259c4N.exe
"C:\Users\Admin\AppData\Local\Temp\04f7368461477066880718cc07795e4edf7ac49895f0910125b5b51f9eb259c4N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2388-0-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download