Overview

overview

10

Static

static

3

3ac5a94279...16.exe

windows7-x64

10

3ac5a94279...16.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-03-2024 14:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ac5a942797b111f4ba7a9304f5c36fdb179cac8be47997011c2de540e1e8d16.exe

  • Size

    1.6MB

  • MD5

    32d166eed8b91ac09e11a0f6f7be40db

  • SHA1

    7f8adfccab9213aa0235719bddd0d2e67bce96b3

  • SHA256

    3ac5a942797b111f4ba7a9304f5c36fdb179cac8be47997011c2de540e1e8d16

  • SHA512

    f1ce3ef3f247852673532542af8264414b7a4ce6f9173f2dd2369a8ac6b4ca38b4e82c2b39fc4c6a5684309258770fa3c8b86a8ba60eeebc7332ddb677afd92a

  • SSDEEP

    49152:c8Ekly3vrb/T7vO90d7HjmAFd4A64nsfJeUvDgALNCpMWD1:Q3+

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

23.227.194.212:8443

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ac5a942797b111f4ba7a9304f5c36fdb179cac8be47997011c2de540e1e8d16.exe
    "C:\Users\Admin\AppData\Local\Temp\3ac5a942797b111f4ba7a9304f5c36fdb179cac8be47997011c2de540e1e8d16.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3132
    • C:\Windows\system32\cmd.exe
      cmd /c start "" C:\Users\Admin\AppData\Local\Temp\3ac5a942797b111f4ba7a9304f5c36fdb179cac8be47997011c2de540e1e8d16.doc
      2⤵
      • Checks computer location settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3060
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\3ac5a942797b111f4ba7a9304f5c36fdb179cac8be47997011c2de540e1e8d16.doc" /o ""
        3⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3ac5a942797b111f4ba7a9304f5c36fdb179cac8be47997011c2de540e1e8d16.doc
    Filesize

    11KB

    MD5

    913200d8e1ea56bcab85c6a677e576cd

    SHA1

    9e9e0ca7b1fb636794c02e7de476ed9a9ac3ad3c

    SHA256

    e0be2922b7e2b88f5fe25feea014ff2a7345b5bfff805c8a2e02ebe775b88d66

    SHA512

    ffffa9d6051a1f1269074864b101992e92d04b2e27a6e86f9734c7b3f05f6f87a2c70bd82c1ca6060f8bea05ccf84ed0f010d1713056b6338c26bc94cc1d0b5d

    Download Submit

  • memory/992-19-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-10-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-5-0x00007FFA955B0000-0x00007FFA955C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/992-7-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-17-0x00007FFA932C0000-0x00007FFA932D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/992-8-0x00007FFA955B0000-0x00007FFA955C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/992-9-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-20-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-11-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-21-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-14-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-15-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-13-0x00007FFA932C0000-0x00007FFA932D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/992-16-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-18-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-3-0x00007FFA955B0000-0x00007FFA955C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/992-6-0x00007FFA955B0000-0x00007FFA955C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/992-4-0x00007FFA955B0000-0x00007FFA955C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/992-12-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-22-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-23-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-24-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-25-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-28-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-63-0x00007FFA955B0000-0x00007FFA955C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/992-42-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-61-0x00007FFA955B0000-0x00007FFA955C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/992-62-0x00007FFA955B0000-0x00007FFA955C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/992-64-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-66-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-65-0x00007FFA955B0000-0x00007FFA955C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/992-68-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/992-67-0x00007FFAD5530000-0x00007FFAD5725000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3132-35-0x000001C650E00000-0x000001C650E01000-memory.dmp

    Filesize

    4KB

    Download