metasploit | a8bd6800c8c3cfdb9bd9e6061a1cb8dec93ccb35ce4404a98c84ab12c360f651

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
24/12/2024, 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3037c3389b811bc1404f719af5c8b9034c5e24710cf3a0b457d28bf1b922cf7.exe
Size

1.5MB
MD5

c21e299905613e5cd5d79432934e47e3
SHA1

5093d0103341afa5a1a12d465dc6dac681027279
SHA256

a3037c3389b811bc1404f719af5c8b9034c5e24710cf3a0b457d28bf1b922cf7
SHA512

d2abf7f995628b42a030f76bd64002bd36534417c1d669232664331114afb32028427f7bdd2c2f508bd15ed25ff2b7e232a22b2d6e7b4c87e25a3e8836954ada
SSDEEP

24576:94nXubIQGyxbPV0db26RVSSR0o6y2oWSSR0o6y2B:9qe3f6bSSR0o6y2RSSR0o6y2

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

185.63.90.137:4445

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a3037c3389b811bc1404f719af5c8b9034c5e24710cf3a0b457d28bf1b922cf7.exe

C:\Users\Admin\AppData\Local\Temp\a3037c3389b811bc1404f719af5c8b9034c5e24710cf3a0b457d28bf1b922cf7.exe
"C:\Users\Admin\AppData\Local\Temp\a3037c3389b811bc1404f719af5c8b9034c5e24710cf3a0b457d28bf1b922cf7.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2800-0-0x0000000000400000-0x00000000005839C4-memory.dmp

Filesize
1.5MB

Download
memory/2800-4-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2800-2-0x0000000000400000-0x00000000005839C4-memory.dmp

Filesize
1.5MB

Download
memory/2800-3-0x0000000000526000-0x0000000000584000-memory.dmp

Filesize
376KB

Download
memory/2800-5-0x0000000000400000-0x00000000005839C4-memory.dmp

Filesize
1.5MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads