metasploit | 2e39d12011879e6ebf402c6131cd154b5cb33d6885c2181a9a05b4b456690fa3

Analysis

max time kernel
92s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e39d12011879e6ebf402c6131cd154b5cb33d6885c2181a9a05b4b456690fa3.exe
Size

7.0MB
MD5

2f84c3c1213063c5b952a3a45027ee62
SHA1

a6da30058f4a4cb962aa9662c6643dc951d3c45a
SHA256

2e39d12011879e6ebf402c6131cd154b5cb33d6885c2181a9a05b4b456690fa3
SHA512

fa84e6a785868fd53ea13c1d4f5aaa2f6d814a1e76302ea9e2ad6b4bfa4a022e6a463d8166929d1e2236a58d08071ae06f15e20266913f039d8d59058fab8fe9
SSDEEP

196608:qbK1W903eV4Q2tpDjIIAcwD0RP3vvk9LIL:eAW+eGQi9jo0kk

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

http://192.168.10.134:4444/TlV0oFwu5zhpwWjADqrhGA1ab0rDwyn7nzrB3S_sfrMAfTr1_ud

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Loads dropped DLL 4 IoCs

pid	Process
3952	2e39d12011879e6ebf402c6131cd154b5cb33d6885c2181a9a05b4b456690fa3.exe
3952	2e39d12011879e6ebf402c6131cd154b5cb33d6885c2181a9a05b4b456690fa3.exe
3952	2e39d12011879e6ebf402c6131cd154b5cb33d6885c2181a9a05b4b456690fa3.exe
3952	2e39d12011879e6ebf402c6131cd154b5cb33d6885c2181a9a05b4b456690fa3.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 3952	2668	2e39d12011879e6ebf402c6131cd154b5cb33d6885c2181a9a05b4b456690fa3.exe	84
PID 2668 wrote to memory of 3952	2668	2e39d12011879e6ebf402c6131cd154b5cb33d6885c2181a9a05b4b456690fa3.exe	84

C:\Users\Admin\AppData\Local\Temp\2e39d12011879e6ebf402c6131cd154b5cb33d6885c2181a9a05b4b456690fa3.exe
"C:\Users\Admin\AppData\Local\Temp\2e39d12011879e6ebf402c6131cd154b5cb33d6885c2181a9a05b4b456690fa3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Users\Admin\AppData\Local\Temp\2e39d12011879e6ebf402c6131cd154b5cb33d6885c2181a9a05b4b456690fa3.exe
  "C:\Users\Admin\AppData\Local\Temp\2e39d12011879e6ebf402c6131cd154b5cb33d6885c2181a9a05b4b456690fa3.exe"
  2⤵
  - Loads dropped DLL
  PID:3952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI26682\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\_bz2.pyd

Filesize
82KB

MD5
c7ce973f261f698e3db148ccad057c96

SHA1
59809fd48e8597a73211c5df64c7292c5d120a10

SHA256
02d772c03704fe243c8de2672c210a5804d075c1f75e738d6130a173d08dfcde

SHA512
a924750b1825747a622eef93331fd764d824c954297e37e8dc93a450c11aa7ab3ad7c3b823b11656b86e64de3cd5d409fda15db472488dfaa4bb50341f0b29d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\_ctypes.pyd

Filesize
121KB

MD5
10fdcf63d1c3c3b7e5861fbb04d64557

SHA1
1aa153efec4f583643046618b60e495b6e03b3d7

SHA256
bc3b83d2dc9e2f0e6386ed952384c6cf48f6eed51129a50dfd5ef6cbbc0a8fb3

SHA512
dc702f4100ed835e198507cd06fa5389a063d4600fc08be780690d729ab62114fd5e5b201d511b5832c14e90a5975ed574fc96edb5a9ab9eb83f607c7a712c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\_decimal.pyd

Filesize
247KB

MD5
21c73e7e0d7dad7a1fe728e3b80ce073

SHA1
7b363af01e83c05d0ea75299b39c31d948bbfe01

SHA256
a28c543976aa4b6d37da6f94a280d72124b429f458d0d57b7dbcf71b4bea8f73

SHA512
0357102bffc2ec2bc6ff4d9956d6b8e77ed8558402609e558f1c1ebc1baca6aeaa5220a7781a69b783a54f3e76362d1f74d817e4ee22aac16c7f8c86b6122390

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\_hashlib.pyd

Filesize
63KB

MD5
f495d1897a1b52a2b15c20dcecb84b47

SHA1
8cb65590a8815bda58c86613b6386b5982d9ec3f

SHA256
e47e76d70d508b62924fe480f30e615b12fdd7745c0aac68a2cddabd07b692ae

SHA512
725d408892887bebd5bcf040a0ecc6a4e4b608815b9dea5b6f7b95c812715f82079896df33b0830c9f787ffe149b8182e529bb1f78aadd89df264cf8853ee4c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\_lzma.pyd

Filesize
155KB

MD5
4e2239ece266230ecb231b306adde070

SHA1
e807a078b71c660db10a27315e761872ffd01443

SHA256
34130d8abe27586ee315262d69af4e27429b7eab1f3131ea375c2bb62cf094be

SHA512
86e6a1eab3529e600dd5caab6103e34b0f618d67322a5ecf1b80839faa028150c492a5cf865a2292cc8584fba008955da81a50b92301583424401d249c5f1401

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\_socket.pyd

Filesize
81KB

MD5
899380b2d48df53414b974e11bb711e3

SHA1
f1d11f7e970a7cd476e739243f8f197fcb3ad590

SHA256
b38e66e6ee413e5955ef03d619cadd40fca8be035b43093d2342b6f3739e883e

SHA512
7426ca5e7a404b9628e2966dae544f3e8310c697145567b361825dc0b5c6cd87f2caf567def8cd19e73d68643f2f38c08ff4ff0bb0a459c853f241b8fdf40024

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\base_library.zip

Filesize
1.3MB

MD5
898e35281a756640780dbc31a0b78452

SHA1
845b59cfd9fb152725f250a872e9d1d7a66af258

SHA256
0daa440c78582a693dabbc2325a06d817131bb170bad436b126bad896f1377cd

SHA512
421cc4a15e94293e53f1039b8bb5be7edcbc8e3e0e4abc7f34faf991993f51cb5f51493b58bb341cb9579347ec134b02104454075a8e7e33e45b8e3a66a44d79

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\libcrypto-3.dll

Filesize
4.9MB

MD5
51e8a5281c2092e45d8c97fbdbf39560

SHA1
c499c810ed83aaadce3b267807e593ec6b121211

SHA256
2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a

SHA512
98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\python312.dll

Filesize
6.6MB

MD5
5c5602cda7ab8418420f223366fff5db

SHA1
52f81ee0aef9b6906f7751fd2bbd4953e3f3b798

SHA256
e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce

SHA512
51c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\select.pyd

Filesize
30KB

MD5
bffff83a000baf559f3eb2b599a1b7e8

SHA1
7f9238bda6d0c7cc5399c6b6ab3b42d21053f467

SHA256
bc71fbdfd1441d62dd86d33ff41b35dc3cc34875f625d885c58c8dc000064dab

SHA512
3c0ba0cf356a727066ae0d0d6523440a882aafb3ebdf70117993effd61395deebf179948f8c7f5222d59d1ed748c71d9d53782e16bd2f2eccc296f2f8b4fc948

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26682\unicodedata.pyd

Filesize
1.1MB

MD5
a1388676824ce6347d31d6c6a7a1d1b5

SHA1
27dd45a5c9b7e61bb894f13193212c6d5668085b

SHA256
2480a78815f619a631210e577e733c9bafecb7f608042e979423c5850ee390ff

SHA512
26ea1b33f14f08bb91027e0d35ac03f6203b4dfeee602bb592c5292ab089b27ff6922da2804a9e8a28e47d4351b32cf93445d894f00b4ad6e2d0c35c6c7f1d89

Download Submit
memory/3952-30-0x0000022990280000-0x0000022990281000-memory.dmp

Filesize
4KB

Download