Overview

overview

10

Static

static

3

c2c1a3a88b...39.exe

windows7-x64

10

c2c1a3a88b...39.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22-01-2024 19:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c2c1a3a88ba9df719c73a2f2bf6d71807731b8f091c658562d5c5924a32ce339.exe

  • Size

    1.8MB

  • MD5

    b63d033a7af7588d7c5ba60068d81e48

  • SHA1

    0b8fba25bdee3f5f4e8c008f1bdeeae39e7128f1

  • SHA256

    c2c1a3a88ba9df719c73a2f2bf6d71807731b8f091c658562d5c5924a32ce339

  • SHA512

    895b4b199c8155d50b8b2830c9b266ef3a9f9a8e43c44c65b3897a78a14616f0cb925c33f714cfcffbb3fcde7888296273d65fca1ee4ec9b496a34c233a142a7

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09WOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1+xJIiW0MbQxA

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c2c1a3a88ba9df719c73a2f2bf6d71807731b8f091c658562d5c5924a32ce339.exe
    "C:\Users\Admin\AppData\Local\Temp\c2c1a3a88ba9df719c73a2f2bf6d71807731b8f091c658562d5c5924a32ce339.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Users\Admin\AppData\Local\Temp\c2c1a3a88ba9df719c73a2f2bf6d71807731b8f091c658562d5c5924a32ce339.exe
      "C:\Users\Admin\AppData\Local\Temp\c2c1a3a88ba9df719c73a2f2bf6d71807731b8f091c658562d5c5924a32ce339.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2484
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2480

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    1d0ae6e61fa9fde964664f66a9139a4b

    SHA1

    888a7e629278237263a1e717829b3683d1063c6b

    SHA256

    f5b88dc5d8a4f8b00956dcfa3fb39a83f5d7db225d7ede9709537969ff574307

    SHA512

    590766e98221c04dce5755121674e4b901166fa50fdfbd3a58473e66884a5aa242aef8f0b2f4870f46265cfa95e682dd9c6addccae706798ea97f56ccd533e98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    36a9d09a27941e1d5eb688a940d97605

    SHA1

    eb515cc0ddfb27d669caa26edbf25429c78285d9

    SHA256

    c8218f64dc73619332c32ac78639f5315d50411cb149f66806fd816ad7b3b21d

    SHA512

    797e131cac9cf119cb445ab4ab87aa846dc5a566f447c6f20f254657fc4021393cd636620f1cacffd2efc5829f6b14537ba7984fc9c94c27408e15a1d6e1b82b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7386151d966481ea78bfbab53fc5bc4d

    SHA1

    d138e36131a2a911339d8b3c54cf6cc869f912b9

    SHA256

    434981036aae1915ae8dc9e79e8af13a91e6715e209667abf46d20c4ef93c515

    SHA512

    96129caad66065cb3475e0dce672198cf3982cc068366af7a3f7ee5e0f8f42ff75c95d77c4d836d53856d3082d34e9a0ffbd8a9615c41a38cef10bc7bef809ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    15bd0e2a43acd0a4f5891ef303b36015

    SHA1

    5738d180d2e2d900068eb58aa80f18dd47b98a64

    SHA256

    9984a24e381fb36e7db2cca787f0de57936a345e5c69bc137316da3e6b66d809

    SHA512

    a5d0220e6862f936d225d20f84b7342da164e0f1c796ae7cc40a0355175df9ae6f07826dd4361f6291e5573e83984bbc2954b0050b4b6061b3a29c4bc710aa35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8f299765e952cbfe08e5bf67013c02df

    SHA1

    cdefee02ac462c5b8ff217dd556378e6f86ff247

    SHA256

    c54b807114a87343aa9c11b8672ac47e6789708855c1598f6114d4ca3e233062

    SHA512

    1a861c8249045fbfd95fb63a394abcb7d16567218ae02e6392f6c8d8bbe0de3c275059a1d312339e895be5ef61877b686f063c44a32442f35f0265bb9c36e4b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2a299de81c368cda7fe2075caab4d986

    SHA1

    fca4441b54e9b3f6b7da90a64ae055cffd998a86

    SHA256

    46683abedc22dd194311009c6d424b3bf115d7529c6674e05d40142cb06f76e7

    SHA512

    7a7fff2c3fcd3eb11636a1d4326f63543fbed98e0c839bd79280faab81fa93882eebe90fe743aeb9367c7eb25cfbbeb901f248c8fe67d54264fe8a807a12400a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fae262ea51d4110dfd1fc57a7b1d30f8

    SHA1

    d4e6dedf027ac8dc06d7feb243009d01bfc23931

    SHA256

    8bf9d5e6dee4b6335b7d3f654a91593af3be94194065befc62064b2913f95f54

    SHA512

    5b4333459bc856578e00de5fe0921513f9d38a5001b4db0e0ac2f3ebaf443c1db6523a28ff9fe083c9bc52462e7c506b223a2b3f67cb8ea6c919180f095c8c17

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    79db35651cc29635f821db731b92f5e7

    SHA1

    a6d97ecc7c20362f99f00c9f77fd3a5ddb8b65fd

    SHA256

    eac5ff9470b01f900aa1883ced11afe6f615a7a2ac571afc6dcebc6181046f7d

    SHA512

    a4e977cffb14c0b1c5dade33ce6834a4ef6ad986c16e45fabf2af933b3d11c7ab38d80f52d250321c2ca0329d14f74c3c48c2c2db676f019d75fa9fc0c32eefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    873be43b915996f1b3995f7252a93e20

    SHA1

    f6a4ba801804a85ae3a9574a00461eb1626f9c73

    SHA256

    75436a5e61853e0d7597b39093da20eac8c876527f7b1ef7ed04f1d5e9ea6131

    SHA512

    376bab509307b88f1133e27ec73cfeb0bd76c491df1618007c2b62f9bec2ad22cae1e02d7d2655cd2dcea3da401f82fbacb26b8cc45fe6181260bfa71310d182

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3de31f51dd2272f3babb5d463105ba40

    SHA1

    ff197dce8d88a3877df3e16ae11696b04239c4f4

    SHA256

    0db0abbdf3ee59df1aa4a4d99236cba41d4db90694ad6cc7c98550e82224f017

    SHA512

    5d33c4a9d40bfe66e554a3e6b0cc44bc5750f41537aa81d2d6ceae7f1ab8bee6bb3b400dd65f83962d07b84c3234911873114862a1b8664089e2266b12c1339b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cb685ff10fab5e1967349efe304c32e6

    SHA1

    02bbb750e18783c69d02a3ebf7e0c9d21f89020e

    SHA256

    b3de4b89d47e2788beb19dc2f64c2930a444d69ced5ef63de2f1ce23e7ccad3c

    SHA512

    de8e7abe7d665f00015ed8a985289de5fe9aaf4d2b81aaec580f2100f77677724a477ad8ebdbd7319cc8c3de1d31f85d9f4f53a6c42c984d8c0bfa2f1afcfff8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6a4f01c37814a8aee05a0c7359645b21

    SHA1

    c4bdbd3a9cbd9b05007969f02be0758950b39587

    SHA256

    f8840531506b9e37ac671b82e8d75382f3ec46e6691d46791e29808bc8543f21

    SHA512

    c065e515b8a0d6940adc2277fcfeb9f4aec3dc7455f401ea56746dc4602e703c20d3dc28c50c2428a3af49295bbdc55460dc3dd4c85981689bc512b1e73006cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b852111b15dd4a807c717eef05f51309

    SHA1

    7c4d1eb07ec4225d7849e050a760f4b9feb3c45c

    SHA256

    8fc6cf64ee81cf1ee85fe968bd1ae380dfe468ff004ae3d904c8f3d8dc71aa57

    SHA512

    83a6309f5115780a09bd6d6cb8aae77b2ce1c69505b97478027cf9396a4912bcc6f59d7fc046f899a92c0103d811db2de379f5654ab127e82aed5de688a7aa5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f6aef1570c0540f83959cf596856011f

    SHA1

    19c4589c2c79f35debfd851cbdd584f49fb458b6

    SHA256

    3c7491404a326fe3a3f9f66249d050fb0cf635592125916a92f92f5c3085a1b6

    SHA512

    dea355d14100aecabee1708c9187ab92d3d842cf94dd44c62f5d73d14fab565a8017fdad60f5bf1acb03f6d85ac1ec78f2a8eb12ff83fd361965e5625dbe6781

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6ba87d6cc990ae36b72f0e8aa1829390

    SHA1

    edbbc0cfd32fa440453c0e5d6e746771b26cceec

    SHA256

    cfb0efb8652e42c14fc87402886e63e17097012ba6fc35f01d50be99049268de

    SHA512

    6ec34fe6ce8e4a99ea23b664552eb487d8f75076e7f0a0de7082ff1abad1f145bdc22685ad34b9552d46616cc09744c1afe2730a3740102dee23afff9137aae3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    3eda1ead0587745986e64ce6e677f9a7

    SHA1

    ac0cfb2e5bae68624419a98299d9cf31afd3c5ba

    SHA256

    6ec4e17f71549e7eb9f33fb01de5af4dabca283524fbf98d70c534db24e0a976

    SHA512

    45b1794a4dd6a9282685d7433c8d47e616171df36502fa18bbe35729c3d3b192283a128ed6beb180dbb91b1f0c091b0f7e094a278011bf6f681c6117c85da955

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    91e8e233261bb32a93cf66d03e18d837

    SHA1

    d9ce36056c368f47555c7f008954048cf523da9f

    SHA256

    b4ea8166a70f8e892f5c3c61a27a378921f3ea5abc0015ab5824c77d3ec681ca

    SHA512

    09e570f185e9d9aba4fd98280a12975fddeccb8035d9a795a6fb773a2c7ad1a7c5b72870a6bb672e8c2b231bbe8e0f0b0abccc525783e62a5f632b367699055f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF7CD.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2860-5-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2860-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2860-2-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2860-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2972-6-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2972-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download