Overview

overview

10

Static

static

3

a5d5ff1716...65.exe

windows7-x64

10

a5d5ff1716...65.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17-04-2024 02:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5d5ff171647191792c808d6437e12c28e7c09bfb2fc829ad350890ab60ae665.exe

  • Size

    1.8MB

  • MD5

    2bafb3af75c85374e216eb31e78e7687

  • SHA1

    99ae13d5c1183c42e132d6b8eebaa8a2770bd125

  • SHA256

    a5d5ff171647191792c808d6437e12c28e7c09bfb2fc829ad350890ab60ae665

  • SHA512

    228b041254b2460dea9a988f175e5b4830eef0364cc9855cee63efb2b86e2292e893a3bcc8185f4b5662deb784c8f11bb1931dfcd749e859d6a40234d859b1fd

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09/OGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ19xJIiW0MbQxA

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5d5ff171647191792c808d6437e12c28e7c09bfb2fc829ad350890ab60ae665.exe
    "C:\Users\Admin\AppData\Local\Temp\a5d5ff171647191792c808d6437e12c28e7c09bfb2fc829ad350890ab60ae665.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Users\Admin\AppData\Local\Temp\a5d5ff171647191792c808d6437e12c28e7c09bfb2fc829ad350890ab60ae665.exe
      "C:\Users\Admin\AppData\Local\Temp\a5d5ff171647191792c808d6437e12c28e7c09bfb2fc829ad350890ab60ae665.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2764
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2740
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2456

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e9294ea51a21fb1eb13219bfb8967f24

    SHA1

    834e2576f083f0a8412dcb0d334806e18317b6f4

    SHA256

    4fd6eca835d11ce8755f94abea5e0ca4bd701bb3b0c78eaa0df6831705d02896

    SHA512

    5333652bc947b09998291a08cf3d8117d48a2d626baf475029b8ab490e163edb52645afde31c1dc446b88e213f9fac8a525612fad998392aac94b4f68f4e9675

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a80346ec2c1ceb0f38e95b70544c02b7

    SHA1

    679978b49b0c6867ea7362b235d969f5e47dcf85

    SHA256

    13a0839ee87c1edbd2b0f773d02570c03147f891f3ad6e1868e76f7f17c8112e

    SHA512

    01dd182da53c00a09ded954d9bde99ed1120155afb8c26768cf1e77c45e714871e88704c243ab6abf051cfad2d3088c5398cbfad7751216ca4a46d7221633fa1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    68b32e7e43c4c175626e5a76844f9366

    SHA1

    57a6e56e11d5b385f9ff74957684f46d97413296

    SHA256

    4b52ff70b15acd9318b2f2ed50cb4f501bb5f77644a468e0ce411668d810174c

    SHA512

    4f5f382e709cedf42e4a78e41a70d91081f1d7d10ead12dbabc6394ec576add1dde1542e470d68d74d065f16ee5d120435088dc567bc1b05d32e527dbe5709d5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    17a7c9795f25b7b14a3dec365799c267

    SHA1

    f97118ed4333a7ee0c0b635a968a09bf3cc91ae3

    SHA256

    de480fcb07f0e9791f485ab68323e8ba34bfe613147841eb1efa241870e01af8

    SHA512

    de2f21d486b27a4f5dedfc86740d00f184f96809d0cd7e000f2e11b4d09d0bfc5571832bb476eb4b101d9ec5970a7dc96ac7f074c43182ee5716dd775d03abf2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5307c5275b7d4d1bd570951b2462cbec

    SHA1

    6efd3be766662f188eae9f93c0a6f40a0a0d7a3c

    SHA256

    d939e690fe8d4efd6fbbee353f4e2e08d0925ce6d22189d068f26f498cd8dbd7

    SHA512

    40de908dfb8f4b956ab2d7a5df08033ebe9ed98384abc70f0f424a1c3b10fb5d4582b8103e9fd5b1909d11a98984a45687229399a775840e44178dbcdb8ebf54

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3ce33b0ef8cc644d0ad4c59be2621e6

    SHA1

    f9dd2dcd2c231c6cee7fa173b6bfa1ecf119c781

    SHA256

    123e4f8a100656b07db5889c57c620641580e3d0c65851c82555c8e3c01bbd7e

    SHA512

    1a80b9247fa0f8eeb4aba39f6af9f392cd24e27ab1b149cccda35e49490a3eb18692acc9be0490b780580d2df81b6fc283f6ac2ad9ee0d801f9da19bfc7168ce

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2e1171ae7b3b3f2515ab965ab4f942c1

    SHA1

    fb54e800d7233cb3f219aac7b50de5994254d625

    SHA256

    c2588cd0fcd4a9db3db0c1fcc012d070763ff1f34c3c341d54afa0472a50dd64

    SHA512

    0db2e6c3436bc96e28a6434858b3b2728ac26ad19b851e1c5ab3b230ae9f36ff21bb5e9ea12acd199e03d7015072aab73e6c16ba83cfba2401d97150e0e0e872

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    73524c9867884005c34a8a7b957fd4c7

    SHA1

    c16a18ef3db7ae62521f8ce4b3b597cd7f91fe37

    SHA256

    b71d17576182ca3549073867858cfa00210288d6a31e66a5ee1fe02990c4ce61

    SHA512

    3313fa839e824c0e9c7fb41e7a022478f80478fca9d664c5b94a1ed17d083529351ef1bbbe5e4930f4f9af6798c0d6c05040c234bd010a636c192a1c3619b331

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    55cbb8856b879b1e9882baa81b7a7afd

    SHA1

    bba63e66aa6ec3db340bb09f7c6e092c7eca066f

    SHA256

    19cbdc209a6c24d3b0225dee18e061a9dfae5fba3687a72fc3732e27a882dbd4

    SHA512

    a35a45e965d4accea9752a7659242c237fcf29b9b2964eb286de382247c5eabf788bd9df041ef7840e05b0d4eaff91ff327d5f5e5785786fa6bb9c775c52a631

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    33cfc81fec3051981f4c53a4869a3289

    SHA1

    91ca35374cc9519724feffd02c159b2edf89c9c2

    SHA256

    325a5c6ebef27cd58ae6829a1794867d38b8221af27a57f0667c6fce9e68c412

    SHA512

    055da5ef49595f0f79d671824bb05043e2703f7eb2dd8729af3ccfcc0773bc9b8c4c61733d6f5b20329164ba87428719f0f32055b1941593828096aa931f4285

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4fdecfbe1517fc89656497b662fe0405

    SHA1

    e9500711ff4829d21706a21ff6af81a24b033e01

    SHA256

    f08c1a34c7b5d2dceae54f694d19b3d387b6fddd872f09ca2f72df481a94ee19

    SHA512

    e5e9956f2b33acee18cd3508c3175c6b032ace8a15e863b142389ad4f27ac9eb40783061f9926895d03a9c09f1a4791e683c095e7480b71c8ea62ac31fd3e15c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d30ce7434278da79fe6b1e7448b379b3

    SHA1

    976ee8cab7675fe3d861dd2773099d21cdc34e32

    SHA256

    5db74d09d9537e6b9ce3ca285484691b4b298d65558955663b36a090340c0e2c

    SHA512

    22ff76c0b6a90db54bb48ff1b587fb91824160a5d9cd69aad056c0c84e69c74ed8fedccaa492d8fe9fc2f552f048aeae883f20a064be78e94b562a6f487117a1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    778485f79fb2719197d54fc5ae3a8f7e

    SHA1

    e2734296e675e3d904c44dace763455258337042

    SHA256

    16cd89a13ed13f9cd89638327a9e94067f0de74a74eb623a57dbaf409467b2b7

    SHA512

    a0d8098dca4bcdfae074610a270bc4406d6b78bee6ce2bbcdccb689c4ddb5ca422c9e292b6a8c85dcb10cae78d8fe299afbf48c93be7776b88b069bb30ddb18a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    92621ee778baa85c4c87c4d6b1f8ac5b

    SHA1

    8f0b172d894e93be8bc8b59c426a5b9102e187fa

    SHA256

    fc9010126c9f714ff7967a43a13c57b616f565ed2befcdbb2fadca616152baf1

    SHA512

    1fdeade7762a0bab129c196a2c59e6a2222f22db22921e908d55cdbb9dd88c6306f267ff47a53227f37026ec862c13bfdf5977920e7f35a23e9f9f0ffffe6a46

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1ed4cf4b703bd88ffaa81db7569d7454

    SHA1

    0716b2500dd5bcdb322f2343364ca0be5023eba6

    SHA256

    a76fda15e5b081cb651ab224f2dee4880e8e34a615e0d8aea7a6ff9fd6ed3d97

    SHA512

    6aa05e15e86f57d97ae79febe36cfbc84fdfcc452d93f8406c08a11f296b4a59706b5fd190bf2a2d58452994e8d31d72d07af6e813640c43c17f9356bfd6cbae

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    59589e5f5b6e971b30e682c96ca1f913

    SHA1

    9a63e68f98fb80c874203b81f42ce118010c1150

    SHA256

    496f8ea1cd77b77edd965cb83e9cf1b34bb988592e34bc3e97842a199b3a980e

    SHA512

    a37ddbd625031b3dbc20b35a6486cd201bae85795faaa384b565779fa80093417b0b86d4b08946e789b15bb8378041a93f89cad08369dacd5e66ba21e4d7a864

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d634bed4e6565660e123dd01397287f2

    SHA1

    2bf923ef7ffc2fcb11e880fe00f3099937eb2271

    SHA256

    f33cf7d6c108256c5c9c7f07623e7b27a38c7eb4f03a4b6f80f7c1fd396a98f9

    SHA512

    65a9d5fe0c7fd2ec6df3d986818cef636cdea203d522aa82ff699cd141354ca18f726a40e46a56ac6f49a45f3baff307b58702b8ea3b17547d25de1afe84a322

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f57f0842fda76783bdf69643aa1be067

    SHA1

    b40e1d368ed6a7ce92b4e14b10dea0aafc855826

    SHA256

    a339c375007e73542b7ffcf9c48315b1514a5dde6c45f8205cf3b31f18557ee5

    SHA512

    1f629fb690e78a3b1ecb061da8d3462e243326604f7fa91ba55cf72024139682551802d8eb5a79533c5bd7eb2aca80a954039c6f0ff05a5f762694f8a4d235d7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    93b3608dfef0ee3c8b1af39e960289d9

    SHA1

    84013c05edeb93450890ba845d6ba4dc359c5928

    SHA256

    5fc104c6f44dbb94caadf4d3afe5880dc1c9b035f9a3c1e9b679ee22eb714be6

    SHA512

    e4d24e43cbe4f1f0fe371d6a937131d0cf85931036849b52c1f44570c77a77aaefa645ba2fd5c580a8cfa0dd1824166278375b60d7188f4e1f2b0a519af3ca0e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    28fcd9a9b39da00adfc35c6c95aa85d3

    SHA1

    dffe4771fb91d28818d97e646f7e50ab6e0518d6

    SHA256

    7d3d330b657b7c46761dfc037a0d948d68a58ccde3a395fd8fb06ef76e5d538d

    SHA512

    a157560c030ed151eb5b4317bf6fd624284ec6e2505b45cdcfaf9485e53813f041e2560755b1c258904254dba9e1c0e34733b872782a4d7611a9f180fdca0017

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab763.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar854.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit
  • memory/2764-9-0x0000000000400000-0x00000000005E5000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2764-6-0x00000000002F0000-0x00000000002F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2764-11-0x0000000000400000-0x00000000005E5000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2940-0-0x00000000001B0000-0x00000000001B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2940-1-0x00000000001B0000-0x00000000001B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2940-2-0x00000000001C0000-0x00000000001C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2940-4-0x0000000000400000-0x00000000005E5000-memory.dmp
    Filesize

    1.9MB

    Download