metasploit | f5d6e2428139c9dd671089c402c2fb53aa82ce621224df3a4c2669cc9e481441

Analysis

max time kernel
75s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 17:44

Target

f5d6e2428139c9dd671089c402c2fb53aa82ce621224df3a4c2669cc9e481441N.exe
Size

12KB
MD5

d2f4d13abc54ce63ac11396ce62ba810
SHA1

94a95709568e7a3e25a5ab695a6679bd194e44c5
SHA256

f5d6e2428139c9dd671089c402c2fb53aa82ce621224df3a4c2669cc9e481441
SHA512

6ed45e146addb0139e14e65045d9a2f58675577e0333aa4b9d8f4d92e74b0a1ab57b83ac2f2b21b2a3d6176833a867b182ce6ef74689274818a046b8540711c0
SSDEEP

192:U6cZEmqL9+tg9Lae2NF6hhHNHHaL9Z23Q5tfMcbq:aZRqBqkeDohHNnWZ23x

Score

10^/10

Family

metasploit

Version

windows/shell_bind_tcp

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 2440	844	f5d6e2428139c9dd671089c402c2fb53aa82ce621224df3a4c2669cc9e481441N.exe	32
PID 844 wrote to memory of 2440	844	f5d6e2428139c9dd671089c402c2fb53aa82ce621224df3a4c2669cc9e481441N.exe	32
PID 844 wrote to memory of 2440	844	f5d6e2428139c9dd671089c402c2fb53aa82ce621224df3a4c2669cc9e481441N.exe	32

C:\Users\Admin\AppData\Local\Temp\f5d6e2428139c9dd671089c402c2fb53aa82ce621224df3a4c2669cc9e481441N.exe
"C:\Users\Admin\AppData\Local\Temp\f5d6e2428139c9dd671089c402c2fb53aa82ce621224df3a4c2669cc9e481441N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:844
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 844 -s 40
  2⤵
  PID:2440

memory/844-0-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download