Overview

overview

10

Static

static

10

ca29413f53...0e.exe

windows7-x64

10

ca29413f53...0e.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2024, 11:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca29413f53520ae4fbbb6ded5d82e029673651c5737194604c04fc525386a20e.exe

  • Size

    6.3MB

  • MD5

    9efa175ba28fac73db836e6a8d1f88ba

  • SHA1

    37100ef0e63e23c7c7216d8d51d9f9239fc60b6d

  • SHA256

    ca29413f53520ae4fbbb6ded5d82e029673651c5737194604c04fc525386a20e

  • SHA512

    139c6a88a458e8c5b1a4b9ccde0834260511a786f4591f29944b69bd3f06673cbc50d9dc7e63d6178b3271dbfe12a167299f685f12b5c23f7735f05ff08152ba

  • SSDEEP

    98304:T3gmRQ9YcQSJ4oDgsYb7Vp/LpLJCBarQ7j9uYDLMxlSrM2orq9xkt3SL59:TvqlQS2cC/VNLmBluYDLMxhrq+aD

Score
10/10
metasploitbackdoordiscoverytrojanupx

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.163.138:4444

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca29413f53520ae4fbbb6ded5d82e029673651c5737194604c04fc525386a20e.exe
    "C:\Users\Admin\AppData\Local\Temp\ca29413f53520ae4fbbb6ded5d82e029673651c5737194604c04fc525386a20e.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3016-0-0x0000000000400000-0x0000000000493000-memory.dmp

    Filesize

    588KB

    Download

  • memory/3016-1-0x0000000000650000-0x0000000000651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-2-0x0000000000400000-0x0000000000493000-memory.dmp

    Filesize

    588KB

    Download