metasploit | 818f0dafcb8bb14fc787129c33d2c3f13b006509060621f77f15c8d35b767ac9

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 04:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

818f0dafcb8bb14fc787129c33d2c3f13b006509060621f77f15c8d35b767ac9N.exe
Size

654KB
MD5

5e7fd7019aa6b4c11e9ba98c79d03b20
SHA1

2f8f1543d727289ded1090589cbda93750f6e8b1
SHA256

818f0dafcb8bb14fc787129c33d2c3f13b006509060621f77f15c8d35b767ac9
SHA512

d5e678274805c5f5c396bc710687ca7dec134748d6558d87950282dda6c33922b515e5b7f81ad3cc1312ffd523ed436e4a5aa64d89829f63f73fb3db4b154c5f
SSDEEP

12288:gQIGHk1all1uPv/QjX/XEDw2D8/ZoUFS9T4cDwusoDzge3:gQfhj1uX/Qb/XEc2oZ18J4owutDz3

Score

10^/10

metasploit backdoor trojan upx

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.0.56:443

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1676-0-0x0000000000400000-0x00000000005D8000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\818f0dafcb8bb14fc787129c33d2c3f13b006509060621f77f15c8d35b767ac9N.exe
"C:\Users\Admin\AppData\Local\Temp\818f0dafcb8bb14fc787129c33d2c3f13b006509060621f77f15c8d35b767ac9N.exe"
1⤵
PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1676-0-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads