metasploit | c98ca1714a3cf5d09cb416f33353a613f20af63a33ba7f1443833911b28edd17

Analysis

max time kernel
105s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 06:32

Target

c98ca1714a3cf5d09cb416f33353a613f20af63a33ba7f1443833911b28edd17.exe
Size

1.9MB
MD5

4b2d13afeb239a3e8bcb55cacfa64da8
SHA1

d5db98435a253e1108980790927b2a6b9b4186f4
SHA256

c98ca1714a3cf5d09cb416f33353a613f20af63a33ba7f1443833911b28edd17
SHA512

8dfef526c04f88bad2fec432ae40e86248ba91274d1c70ca9b6185136a0bc6aa70e7a906c0d72e293896fcf8dbd2045d557f70144a5eafad9dd30ab5852ca96c
SSDEEP

24576:RdHvIu9b+5onESNY36mQZRvhMk+Joe3PUF8K0JcM9zbK5ZGZFqKyvI33GrQVEhsL:gKyz2MEQV2iLo6nvX4YersbACRdTg

Score

10^/10

Family

metasploit

Version

windows/shell_reverse_tcp

192.168.204.138:1234

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

c98ca1714a3cf5d09cb416f33353a613f20af63a33ba7f1443833911b28edd17.exe

pid process

3936 c98ca1714a3cf5d09cb416f33353a613f20af63a33ba7f1443833911b28edd17.exe

pid	process
3936	c98ca1714a3cf5d09cb416f33353a613f20af63a33ba7f1443833911b28edd17.exe

C:\Users\Admin\AppData\Local\Temp\c98ca1714a3cf5d09cb416f33353a613f20af63a33ba7f1443833911b28edd17.exe
"C:\Users\Admin\AppData\Local\Temp\c98ca1714a3cf5d09cb416f33353a613f20af63a33ba7f1443833911b28edd17.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3936

memory/3936-0-0x0000000000400000-0x0000000000602000-memory.dmp

Filesize
2.0MB

Download
memory/3936-1-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/3936-2-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download