Overview

overview

10

Static

static

10

RjvPlatform.dll

windows7-x64

10

RjvPlatform.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    24-12-2024 00:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RjvPlatform.dll

  • Size

    9KB

  • MD5

    42c0eca6e4092da7b58ad45699f99bfe

  • SHA1

    ecdd424aca025a4b57750955298b3ef3995c057e

  • SHA256

    57cf7d7537c6622ceeb9d0326be3af48dd4f3095fb6e2998db49616e450c7a74

  • SHA512

    6687f477b891e00417cb9fd4c2ca557a659cf8599dcc9c0ed67b1ba3f6fe8787cb48ee5c082c1a25dccd45fb7a3e649e5471eb4de7bfbfd4502c7453fceb895b

  • SSDEEP

    48:q0r+l6O5aXyn/hNhx4/jC/VcQkSD9C2zRb0E:dX02Qj5P

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

213.152.165.29:9500

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Blocklisted process makes network request 8 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\RjvPlatform.dll,#1
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Windows\system32\rundll32.exe
      rundll32.exe
      2⤵
      • Blocklisted process makes network request
      PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2872-0-0x0000000000060000-0x0000000000061000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-2-0x0000000000060000-0x0000000000061000-memory.dmp

    Filesize

    4KB

    Download