Overview

overview

10

Static

static

3

cb01898e18...80.exe

windows7-x64

10

cb01898e18...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17-04-2024 04:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb01898e1825b93578e1fd7bff438f2802d3a9062c52dcde59b388c1b8ad6b80.exe

  • Size

    1.8MB

  • MD5

    1a6effbcbe58848445ac06b62e9484c9

  • SHA1

    c827e53da6eba53f1abaa2d4cba92e6036810d4f

  • SHA256

    cb01898e1825b93578e1fd7bff438f2802d3a9062c52dcde59b388c1b8ad6b80

  • SHA512

    c0270103e30c43d7fe50677bdd3851ee9d42018019e9d37d509839fd4eb526158428163fedfd266e5d8a53306b10efe612d78380156f5617d04c4a93acaa52db

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO090OGi9JbBodjwC/hR:/3d5ZQ1ExJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb01898e1825b93578e1fd7bff438f2802d3a9062c52dcde59b388c1b8ad6b80.exe
    "C:\Users\Admin\AppData\Local\Temp\cb01898e1825b93578e1fd7bff438f2802d3a9062c52dcde59b388c1b8ad6b80.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Users\Admin\AppData\Local\Temp\cb01898e1825b93578e1fd7bff438f2802d3a9062c52dcde59b388c1b8ad6b80.exe
      "C:\Users\Admin\AppData\Local\Temp\cb01898e1825b93578e1fd7bff438f2802d3a9062c52dcde59b388c1b8ad6b80.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2160
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2296
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    654d229d2cc398f287c4e987a3d7ef0c

    SHA1

    e176e0317c5fc728e90bfb8f39e8d11768e0faa9

    SHA256

    3c806db5cef04d3ffce23c47c28a114dcb433e5850459b4ad400bfb529cddc7b

    SHA512

    b7b3ffe8e6e224680c58c299740e55d5d0bd7a688d5c425ab5df58f22a646914530b969e9e2b02e12c5fd3a3efd2c3cd2e8a0f9e954f1a9939eece0e3cf53b85

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    854b50d7a8a5d5e6ddf65412ee75fff1

    SHA1

    d4076cb1680b680332a13c3b945a8c862bc76982

    SHA256

    73fcb262f22987df13d09910f9bbbc3b6e4252d86e4ee2216ac03060dbf23ad9

    SHA512

    7bce30ab44a1f7ea47c7bc455885c1302519739df591951072d125430f1972991d5af481f2701281b34059bdbcde46032f35740246963804d13e934c0652cfbd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b7af15592ecec8f65a16a04b67150172

    SHA1

    10e7b09b9ee6be11ee190298d5d2233022c52930

    SHA256

    2e5f9c79b55b09917384ebf1e1ebc2bfc4ab8fc03315a08d91742554163a301e

    SHA512

    00f2231bb612159d3dfac12ba875e29e9c03b22332ab141766b5ee75ae240dbcba88fe41e2a7a6e7f13151979a1647cf82a218a3b3c5365408286bc0f360c314

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f9d624a75b534f865d9e5d6536c90788

    SHA1

    f0e42473168d9c86944ac232af4bf4c571fb6a7e

    SHA256

    81bfb7465b7b7d34af4b3ee38fbf381522de53c0e6d3e44e11b9d794fa07c6f9

    SHA512

    a1acd5322662008c7fa824b0e0d8c5879c5856a93684be83560103ca4de737be5f8ac27c955cd887b164e6407b0138ad2b46fd358379da8b6273b17ef9ebacbc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5dd1406e79f0e544a5604e213b3ec232

    SHA1

    a218cf265b93f2d12d6dba870426d3da5535bf19

    SHA256

    ba03fda17d3cb3d03a1d93036b23e6c2e7fa6655d725c14dfd6c37b25ef7594d

    SHA512

    df012af27467a5e36457acc7684a2726910216577a0a1c3f33bcba94c76ca111c44558530606a764eb00367a9bc19ec87dad73c69057b065bfc3bb3abfbeb8fc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c9118c8faba7e439379e61cc6e4639e6

    SHA1

    60c7cf0b2390982a73ab6d6420b07d457039899c

    SHA256

    177657e3f1a435589a2b624c60991614ba10b98e9c7906c2dbbf86b708c8b213

    SHA512

    ad309067d13647b231679cadd436d5bc1533e59e7863394af31b8a0ef7bc89974a59b327889e7c35d7b30e7fb1c0a1915a82c068dc7cb6f71172d2555b44985a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9b04560b5a91d80ae33f4772ab219220

    SHA1

    a4cf3e46c247ee63c7308bad95b2458e24219a8d

    SHA256

    2c060d2409bb74868df8abb1e2acc531906b05d4666a70382b45ba8a11b964c4

    SHA512

    17e83a38b999070506982baa48f40b5f999686133af9b1f532a0b79abc0080ccc1f9afa28e0bca0315be13d512574764bbed87594b030c905b68dda9139586eb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    86bc4e697076edc55b638292f97aaa1c

    SHA1

    73c4631187fc8fd6e91942b20eaab29836d936dc

    SHA256

    fdec58ee95d57c384d1c629eb229a939a764c2b4d73b9c136eb5b7ca6f4f1974

    SHA512

    7f1066e5ba82dbf536922c5a7464ff2657d908dd9c796e20d9064fb25713bfc54b9841bfac67923b091b35b1ba3c0c509a975d502a68c49d4d8e979782edb47e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3483a6199340774e5a1a59765dd4b5d

    SHA1

    07bf4f9da3d6133d1cef7994dc8671f00aa7a455

    SHA256

    c91808947431f927c4edb543b7a65b33f77bc5db1a68dbdc2ba346190f755cdf

    SHA512

    12e9488e76fce3c108153b8c6f16c8e42aa4e394aafc7483da479e666b92f1b37b02965f3cb88b3471104dd4175d0f27c2093e42f14415c25002a46cd8d96a06

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    190dde9f3571918a8e781d7e904ca1b6

    SHA1

    91661a22b22e64719219a7fccbfc36e99145bb1a

    SHA256

    87c4b3d1d83e766af956703c766416d0755b67b512bbaeb63950eba34e573b3c

    SHA512

    2f908336c82f6f3cab908762f69f4300c7f558bf25766e5961f3db5c0e24b035f95c7282db2f1d16da3e8553c295d9079ae4cf64a5396849289b21127226cbb9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3e5651442de294c04d1820c48eda7524

    SHA1

    b8ac7fc27690ee0eefc31a12cabaf57bff21db7f

    SHA256

    3b62c01bd3004c1b99a71935821a7e21f8dabe747d2bfcacfb4a307a24e3c133

    SHA512

    9ad17e349f21d87c25b2f10e03377a7aa21eadd1d05dae4a121f0538d6c869ce8fac84a099fe6eb4f46f0b8b0c8fd7ce8069849afbdf8fd460724d14a608578f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be4a963ed23ede46c35893d704bd5009

    SHA1

    ec6e5151282abcc6a0c4bc9309f20b6f0ef17740

    SHA256

    831d030e218e130b17d6eda3366ca8ed9d57f1f7ab7cc7e73915ea1afaeb69aa

    SHA512

    9e93d65d8e8f22fe4b54670f24c7198709d071e94e67746405af1a352a562a6c24fd19f39219bf0f48bfcc9267d92c4e7f84b6a4850e645ced564aceba8940fc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ebcfe9af994821904289a155d9253a83

    SHA1

    72eef701210be1dbd30d2b4ca7ada80684e8fd53

    SHA256

    7e503fee7787414b0705ebe916063cb6fb5dda9c77c7283d6c6fbf1753a62448

    SHA512

    b29fbb47995b10eb8e1a49bd18b7a50ddee308bf2d79bee1bcfa11ef76c8adef14cdfe45191a63995343d7604cf137a8e21b0194c51d275e1d84d8f748adf1a9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    480a8e07bf52a6664b9d177f5c600212

    SHA1

    71b99844c34b4e741ccac4b8f7e1f575bb3a42e5

    SHA256

    f0280c46c95ced5172a469bd80831dfe67dd1db4509937d6ebad0863b724d0f0

    SHA512

    2c900d71bd6302e981a37cd62fbee54fa6f3f20de83f838056c10619815242d4d990849729d63ac2f784497316a687c0b32d079750314928aa19c0d3674acd62

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cc08e0a0f92c14ffc9f7d01a320076ee

    SHA1

    f5a4a69d16c1a39dfee99d282bccaa82aefb95e5

    SHA256

    db909e18bad704df94f17dae490714e6846f31aa7dfc2166d9c9383773366414

    SHA512

    82c454ff56cd483c97e31f5d17656245a4145788d2c5a80cb099ddd5aa4347615c086f5b50b0c92c5fe452a7fb0746fd18185d6d0b40108af371a0f5155ad0c0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bb6c951ffb224e8c243210649a09ddb6

    SHA1

    51a812b8564832d7f7b0738e53fd2163cd6f8b4b

    SHA256

    8902561e15b49f4b8a3d27fba58cc558091b397a6b58ab01fe4304fb0ae2779d

    SHA512

    5b6d2a8cd8297b4c051432e62cb1794f8395b5f1f88e87fd8815f09fbf289dba0470f2a44b9d6ca5ddbe4a0b3619023382cc842c89408ab2e148665f517d3a18

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6010bed9c3cbc8e62b2ee5fb30af1547

    SHA1

    af4e01ebc34575a04f54bf8b8e20ff2f817ae942

    SHA256

    8ad51cf84b3d8e6a29f696092af471ae6d21fd9bd7dcb80e8930c789d043ae08

    SHA512

    be920e7c7db6fae93a919f1a122a0552b35287cceb4aae84d561e8150dfd0b041de784be0e62e8e616f9be1d0265165a0ec40996e0c56e9502c60dd5ee6910e3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dee70d9d08f633bf24541049d5b1b51f

    SHA1

    1f5cc72cb5239f4ac3532340844d42a268d0f2e1

    SHA256

    c0c6b51f9a6ee9b20618eeca41c1ccced6d9f08edaa2e83152cd60f34e7c6e0d

    SHA512

    c645acaa18769318d02d2f2fd2e35f12f8235f21816d0bf175d0d50b9f75d26bf9c10ac381344b5f4b0566ea83923a67e0a74f4490bc4b74ccae7c024b4ec660

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f1392050e441d117e3bdd824d1480133

    SHA1

    b3ca279cd79e5afff48f46b6f8c71db29da23a4e

    SHA256

    519861b53828d293322de69438a7ef20bf60a20d12734cea0003cc5cbecf498b

    SHA512

    2444c6d17c9a38419f46d50389e218b76e9aead8cb448ffa259606b92dd7c31999a58d5a701128af1ac549e67e66117c7246ef96514229462cee9d6de71a61c1

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabEF0.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarFF2.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit
  • memory/2160-9-0x0000000000400000-0x00000000005E5000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2160-6-0x0000000000270000-0x0000000000271000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2160-11-0x0000000000400000-0x00000000005E5000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/2512-1-0x0000000000220000-0x0000000000221000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2512-2-0x00000000003E0000-0x00000000003E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2512-3-0x0000000000220000-0x0000000000221000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2512-4-0x0000000000400000-0x00000000005E5000-memory.dmp
    Filesize

    1.9MB

    Download