metasploit | 1dddbe35f087419bed5effd4ac7b9cacb4be3d6f8239b7650cf81b2a01b2b369

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 00:06

Target

29c4f7618e72214116ae6e7c578a4dc9.exe
Size

14KB
MD5

29c4f7618e72214116ae6e7c578a4dc9
SHA1

0e7e98f7705566e1c7a4bd41222d166b18236808
SHA256

1dddbe35f087419bed5effd4ac7b9cacb4be3d6f8239b7650cf81b2a01b2b369
SHA512

42cb857b3906e500bd9498685fc57dc21ce9417efe7fba200ea6010449803962bb8ff7700288f1d524bfcab95ada74ed0cdec3fc08ffe9cd3ee320bc332f9da8
SSDEEP

192:AWH+DgGK83SxHn2OQ/dmBI4KBfTgir+xzK7NRxbqUqV/Qjo7AGa:Ai+kGKqbOCdWIVBff+xz4NRtfCXAn

Score

10^/10

Family

metasploit

Version

windows/download_exec

http://120.78.7.92:8443DogCsDogCs.js

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

C:\Users\Admin\AppData\Local\Temp\29c4f7618e72214116ae6e7c578a4dc9.exe
"C:\Users\Admin\AppData\Local\Temp\29c4f7618e72214116ae6e7c578a4dc9.exe"
1⤵
PID:1180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4256,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=1304 /prefetch:8
1⤵
PID:4580

memory/1180-0-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/1180-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1180-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download