metasploit | 9782a279274007ae2a013b93297dc05709dd07724a5a5fcfe43f0e278235714d

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
30/12/2024, 16:19

Target

9782a279274007ae2a013b93297dc05709dd07724a5a5fcfe43f0e278235714d.exe
Size

96KB
MD5

f84eda795ca32150e80d1f5539a88c4d
SHA1

c9c0dc0c25397ff7cb1a542112ae27389d351516
SHA256

9782a279274007ae2a013b93297dc05709dd07724a5a5fcfe43f0e278235714d
SHA512

160b1130a4ca4b161f295985e0abf37b530252db7387740a296804431d90bc6e272ebab074255361ebd73fae62850cbad1c536f47263862dd89a767c2ad9f377
SSDEEP

1536:xSQ+iqE+l/+fVD2n5/AMvXP3Tg6aH+JP5L5da3DtowL:xSBOVD2n5/AajiH+JP5L5I6wL

Score

10^/10

Family

metasploit

Version

metasploit_stager

192.168.129.128:8000

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 2708 created 1208	2708	9782a279274007ae2a013b93297dc05709dd07724a5a5fcfe43f0e278235714d.exe	21

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2708	9782a279274007ae2a013b93297dc05709dd07724a5a5fcfe43f0e278235714d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2888	2708	9782a279274007ae2a013b93297dc05709dd07724a5a5fcfe43f0e278235714d.exe	32
PID 2708 wrote to memory of 2888	2708	9782a279274007ae2a013b93297dc05709dd07724a5a5fcfe43f0e278235714d.exe	32
PID 2708 wrote to memory of 2888	2708	9782a279274007ae2a013b93297dc05709dd07724a5a5fcfe43f0e278235714d.exe	32
PID 2708 wrote to memory of 2888	2708	9782a279274007ae2a013b93297dc05709dd07724a5a5fcfe43f0e278235714d.exe	32

memory/2708-0-0x000000013F8F0000-0x000000013F90C000-memory.dmp

Filesize
112KB

Download