metasploit | efef197515b3d37ed000775fe9c260eb08dc866f55fe7ffad6eb473c39db713b

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 20:24

Target

efef197515b3d37ed000775fe9c260eb08dc866f55fe7ffad6eb473c39db713b.exe
Size

12KB
MD5

e65ff1ce724b6bc1ac32e8c5a4a7db97
SHA1

8bd27a2e0c1b9fb2990c89ad11302d79a0bd90f6
SHA256

efef197515b3d37ed000775fe9c260eb08dc866f55fe7ffad6eb473c39db713b
SHA512

6d4fa5caf4e9da1ca344ac2c17f257ffe91524476c66ea42c2ea6899d1932660e3483471d71306f583ba21a3fcec0d0dbcac69695ea653f123c0a1d44dc88395
SSDEEP

192:U6cZEmqL9+tg9Lae2NF6hhHNHHaL9Z23Q5tfMcbqm:aZRqBqkeDohHNnWZ23xm

Score

10^/10

Family

metasploit

Version

windows/shell_bind_tcp

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2372	2300	efef197515b3d37ed000775fe9c260eb08dc866f55fe7ffad6eb473c39db713b.exe	31
PID 2300 wrote to memory of 2372	2300	efef197515b3d37ed000775fe9c260eb08dc866f55fe7ffad6eb473c39db713b.exe	31
PID 2300 wrote to memory of 2372	2300	efef197515b3d37ed000775fe9c260eb08dc866f55fe7ffad6eb473c39db713b.exe	31

C:\Users\Admin\AppData\Local\Temp\efef197515b3d37ed000775fe9c260eb08dc866f55fe7ffad6eb473c39db713b.exe
"C:\Users\Admin\AppData\Local\Temp\efef197515b3d37ed000775fe9c260eb08dc866f55fe7ffad6eb473c39db713b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2300 -s 40
  2⤵
  PID:2372

memory/2300-0-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download