Overview

overview

10

Static

static

7

1/10月26�...��.exe

windows7-x64

7

1/10月26�...��.exe

windows10-2004-x64

7

1/2023年1...��.exe

windows7-x64

1

1/2023年1...��.exe

windows10-2004-x64

1

1/AggregatorHost.exe

windows7-x64

7

1/AggregatorHost.exe

windows10-2004-x64

7

1/PO202302...60.exe

windows7-x64

1

1/PO202302...60.exe

windows10-2004-x64

1

1/TIanagents.exe

windows7-x64

1

1/TIanagents.exe

windows10-2004-x64

1

1/c.exe

windows7-x64

10

1/c.exe

windows10-2004-x64

10

1/loader.exe

windows7-x64

1

1/loader.exe

windows10-2004-x64

1

1/【东�...10.exe

windows7-x64

10

1/【东�...10.exe

windows10-2004-x64

10

1/【企�...��.exe

windows7-x64

10

1/【企�...��.exe

windows10-2004-x64

10

1/【财�...��.exe

windows7-x64

7

1/【财�...��.exe

windows10-2004-x64

10

1/内容.exe

windows7-x64

3

1/内容.exe

windows10-2004-x64

3

1/外挂 �...xf.exe

windows7-x64

3

1/外挂 �...xf.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-12-2023 12:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1/c.exe

  • Size

    479KB

  • MD5

    40269ec54ce4652fd82336a1e0920b8a

  • SHA1

    b47ab90f264f73c5b2b44588f11d6a459764c629

  • SHA256

    887a5500799685d517647285b2da937f611b364ebd0db9ea6b32010272487011

  • SHA512

    a7156a2f2e2d572075c15945756f9490023a5e603297421e0c8606720848eef76cf4e6b863ee36e39b72d2c425ecf5e48a6bf37d5a87617e5ffe6303886425ea

  • SSDEEP

    12288:E2KOYjMs4+GgTJKpiFtzfeiQ5Ki5oh1cJeOb:R8Qs4+GgTsEfeoh1c0U

Score
10/10
metasploitbackdoortrojanupx

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://47.94.43.210:8080/kRJU

Attributes
  • headers User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1\c.exe
    "C:\Users\Admin\AppData\Local\Temp\1\c.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2884

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG3.JPG
    Filesize

    6KB

    MD5

    e39405e85e09f64ccde0f59392317dd3

    SHA1

    9c76db4b3d8c7972e7995ecfb1e3c47ee94fd14b

    SHA256

    cfd9677e1c0e10b1507f520c4ecd40f68db78154c0d4e6563403d540f3bf829f

    SHA512

    6733f330145b48d23c023c664090f4f240e9bbeb8368b486c8ee8682ec6a930b73275e24075648d1aa7e01db1ec7b7e259286917a006ba9af8fb7cba3439070a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG4.JPG
    Filesize

    36KB

    MD5

    f6bf82a293b69aa5b47d4e2de305d45a

    SHA1

    4948716616d4bbe68be2b4c5bf95350402d3f96f

    SHA256

    6a9368cdd7b3ff9b590e206c3536569bc45c338966d0059784959f73fe6281e0

    SHA512

    edf0f3ee60a620cf886184c1014f38d0505aac9e3703d61d7074cfb27d6922f80e570d1a3891593606a09f1296a88c8770445761c11c390a99a5341ee56478aa

    Download Submit
  • memory/2884-0-0x0000000000400000-0x000000000053E000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/2884-21-0x0000000000400000-0x000000000053E000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/2884-29-0x0000000003440000-0x0000000003441000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2884-30-0x0000000000400000-0x000000000053E000-memory.dmp
    Filesize

    1.2MB

    Download