Overview

overview

10

Static

static

3

09d3ad3506...57.exe

windows7-x64

10

09d3ad3506...57.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17-04-2024 19:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09d3ad35060113492337c07466e187b3a14a36e6cea9be417a7fc7f7acfc9757.exe

  • Size

    1.8MB

  • MD5

    82a97145474f9241f278ba71388d6fb1

  • SHA1

    908e3440ed9c7986c0b2d6fdae7b0150e6f2c1fa

  • SHA256

    09d3ad35060113492337c07466e187b3a14a36e6cea9be417a7fc7f7acfc9757

  • SHA512

    306ff81b5c62eb2686c92f9a3a2846faf6c11e10869bc943da0124138c9e37b0eae36428e3269631fd5e5442db67a5dfd5dc21822457c1a59afd4a9bebf40d66

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09xOGi9JoBqgvppOir7kw8atSw6ZwaIi0HjwC/hR:/3d5ZQ1rxJ/QUiUUt96Z0D

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09d3ad35060113492337c07466e187b3a14a36e6cea9be417a7fc7f7acfc9757.exe
    "C:\Users\Admin\AppData\Local\Temp\09d3ad35060113492337c07466e187b3a14a36e6cea9be417a7fc7f7acfc9757.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Users\Admin\AppData\Local\Temp\09d3ad35060113492337c07466e187b3a14a36e6cea9be417a7fc7f7acfc9757.exe
      "C:\Users\Admin\AppData\Local\Temp\09d3ad35060113492337c07466e187b3a14a36e6cea9be417a7fc7f7acfc9757.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2956
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2652
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    544e0f3ed13291185af16936fbb3064c

    SHA1

    4755b3ccad1ebee2787067e454526ddf1b96125b

    SHA256

    42330a32102ecd0e2e152dccd98d771ea3adb160f40230206ce1e25f3e7eb2ca

    SHA512

    8e68f0236254952037555fb4fa92ab8a1546217c4395e9e81d2d734fb5ea06f5e36077965bb91c08452a7b1beb72e07007c314195f1f5eb141ccbdb606a0c22b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d0e3ee6d813ddacfd6ac2dc3c2cc5c24

    SHA1

    6ea08ba65e1a7007cdf9aecddd34c4fc5811a2fa

    SHA256

    8662ec0f12892fd4c883e1b03088f673d37ea5c5e0552a11fa63e40217d37f21

    SHA512

    57b9f5a4d8d4d9915971784ea706cf36242835e14bed616581f81e301a7d0116c8af1953649c8cccb7bc5e1f8be31739c91c23246752f0c3e916489d8b1a77b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c9c19c601e1da41d6929432098ca9f26

    SHA1

    6765f7b697fb74539ff534ed0bde65298da1ee83

    SHA256

    f550a1e407df068eff4cd8efb267d41ba90983f0b5c14b3eab77c00caf16e3f0

    SHA512

    230efa7164bd91d1642d591aca97f7cf20d81a57fe297470e8059b6534d82f0d9b7de31129ed6d7e88fd8588a79ee6d0df9c36795ac6c8924d09d4a7621f9f3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    839f77dca797d121f2647097bfc8c5ae

    SHA1

    ac15371918b8c30e228e3cf4050847ae7a490546

    SHA256

    4358fcaccccd9ec4915e50e01a3027d828e867f828636a75287cbd7f212cb804

    SHA512

    efe07e062d553235c7ee6e71207b1c4da0ed525e8d6bc73977ee22076f89c86272efaac9f2b219165347ebdd3839438ba74125fb287fad9e839a0501be7bae58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    32a75f8af2ef7eb2bf7621a6b3ba6514

    SHA1

    bce64bf7ab36355da9886c811073a389d3f80fd6

    SHA256

    392c44fde46d3e766e38db15b3673abcc31b12b37096c971314634efe3b59778

    SHA512

    6c31eeee9c60d762b0ba9fe3d13d5bab9b3ba8c636e6e251a80f8f12c6e81ce42c801a79f30e5f3357725879e62ce67f2db839af546312a0f8b42ed7e52d341d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6c651b3a815eb1f46d57ac67cd4897dd

    SHA1

    569844675fd383ee24e20602d25157ff6cb5e254

    SHA256

    e66aa2b2ec9bad855d9287f52b037ed5d61f26237547b1c1cedf381e1be8b02c

    SHA512

    9ab193c0008291ab03d50555ba4a7dec7511d9f79f8bb89db266119c2b477d72b5d0fc45162a906985d1a15fe9aa330a57ab0aa9f265ae975d187912a11c0842

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    87a4bc7ccc2088a4f1c8450e6503197a

    SHA1

    88a8cd081e75d5164025e0cb8e49b5e79935e184

    SHA256

    54f5b2147282a92619c752712bab9afca216bda818487274f51ea9af1c7a77bb

    SHA512

    09d901cd4e07dc888228297fd10fa28c2a1f502e668961eb69fac74b197d216994cba437bdd33d843e21a49531407fc176ddbf5cf27c678a90d944b9512cb56f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    89fbb7d57031de859f9b08a56fbf8acd

    SHA1

    3a00ae4223d5278dc0d996aaf395d4ab3b35fa57

    SHA256

    c6598a7e6ac4c58974e05677bc7ac7b2e3d44320018c2946964b6de3cadadda3

    SHA512

    c36cfe6092a02bfb404b91e5602ce002d6ca242c5488e93e57fb08f1f4d3313b294723fe59daddcf0d4359279db1cf5db4564ab74da56f875450425971e6ed57

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7f795de65a82e33f6d12cb69d3f8d4ed

    SHA1

    c3736d574adbf498f80b272e963d71a0b27e9a0c

    SHA256

    37c7bcc309327c918368deb0e84b0783c1f6dad5ad67e8188c37dc2e1b94bbac

    SHA512

    c7a6500e6b52617d5bdad7caa5dccd16321f31f8e28182eb31c75cdeb545a1e33e4f3d73f9bfaa1c1c35998669005dd952ed4bd9d1c41656d2a3cfa2858c133a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    37ea6d072e5ec1c74414ee3f8d40a605

    SHA1

    8cbb4a32ab0feab0d00482d2e5734eaa8858ba2f

    SHA256

    5fd7399696027d75d14334a837446577cdec9365815d641bcf9f4081aee61d0d

    SHA512

    306acf80990a17817a9ed127e16eeae1dbc14eeb238543568a70d7c03ab8bef4595813e5b918ee74982bb6fc827e40f26a5110575f55b41a0ff256bdd92d39a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    45f0a77748ad6ca6e00345f3c1f62638

    SHA1

    16fe511959d27c930d0d4b954ee540e80485fa62

    SHA256

    0fd57632d50585797f03f04c9d36337b7deeea1545230218b4d4f72be99dbfe5

    SHA512

    373ecc7505bbcbda3e97762216722c768b1bcb627fbdb933646bd7c4cabb62e3e8d105ebb31e3b5458eb83c1b4b1aba56e687298a7a00a791ac76ad3b8a54eb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    76690be4d6919c79611e3f846dac0dd4

    SHA1

    6d17aa52169e4a9b52b8dd42ba3080f8ff6c1538

    SHA256

    96a9ffaf4e1924c52f57600fdd1dae621411c30f0d3af988f35a9f7dc0a5d95a

    SHA512

    f72debb189c208cd5dad4d3d14d84a9f190efffa16496c97b679597fe6c21fc15b79888b316251e38b529b7989915222147881fe29dbf3d2fc8cfd2fcc5ae4dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7eae3a2acf014ce2c6607defb3426c55

    SHA1

    2fc3f9d6bd7bc8d0144994b3fd565f98fdb31068

    SHA256

    64107cd041d5d7b680b84ec17204cb9b756f0de220e4db5fc4b8a2b86c635ab6

    SHA512

    5a439af6943bd6bc5ee2ec378406ce6982f34a44afbc6854c5b51713d91a8076bf25eada354e02f17babfcb443d9fd8bc7bd583143b23a1bd7704e01745d7cb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    479ab9485f918dae76da6bd4fb615228

    SHA1

    bba64e796d9b00b0c3ca442d3eb66e3a1bc05f85

    SHA256

    8eaec3e7df2985d72b13864bcfb2fd6db91043b5a91b43f0c781e0b6babb6101

    SHA512

    acea729dcbe120130b7f0efc4cd73040d22dd9a8fc1da3f73468cbf63955b3cab007b292d675d405c397eb831e1bfadf6bb9748ee0113197d59a73ebaac88aa8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f4451dabbb271d427637e188ff54cd9c

    SHA1

    8e1e52c115c07c150fff1356c621d07679d2351e

    SHA256

    a618719f85b095db63255ca6b707a1c9d66ff3116bc980c81a34f12b8dab88f8

    SHA512

    ed079ff80df9f834fede6183029c45c919304fcacd15cc0f15db1aea0b38b03b37fffa20a83886e5dd05fd2490dfe1edd697be49d292f5f7a47adf46e788b69b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d66860b50cf0344e5d29af73c35c916d

    SHA1

    5d2652f54fe9fd66ece23acf1f9e07f1a56b4af8

    SHA256

    a7851a63d2451619f8f630b89491e2154f9cdccfe5e935c202ee7d0ee74deaeb

    SHA512

    147b0e2026cb6582e81894967eaf087c448c8b991092ca0c6340fa12f2375c9c4d00a268373974019e9e515866a041da03d837020875f78df01572abfa906e79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    192e36c4c35a0e7c848ee359d50a0f2c

    SHA1

    ef4396c9a32137de8a1691eb7bbc17c8f4f50bf2

    SHA256

    1e0fea82eae724f50760f73439bb488e48777c3f44a5038c578448cffbe9d4d7

    SHA512

    d20e8e09e73cbb57a0fbc15b11c019b018dcf4da2210a35eb50fa2e054e1ab28fd345e30b04e2f25d044ea15f105966f26dd9f0f0a6d2772e4ccef8aac107bb5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    769c640b1b9010c98d2d35809b23fb08

    SHA1

    31d04ac1408f4e2ca11f76b3a388fadabdc1e69e

    SHA256

    cb3c7189d5bddba4c8cdcbd9f719b634ab4dac4b288cbadff36e7354d48b770b

    SHA512

    f35dd678e161036882713b5d7fa693565d66cdea6306e49cf82718aa56af0353170016af215f5d2324b67accf6504532c60936671670a3da362868bf05861a32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d1475cb69c069ad4d62b047a9f60b852

    SHA1

    4915615f60cbdb3bce522d1f21c5d96be4aaca47

    SHA256

    7b2aa49dc6e8168fcea7b2b0283c942b9d2825132c2bf7588365bf41de70961d

    SHA512

    9a5dd216254f73c1366d05722eb8cb33ab26c10566408ebeb2949ca674a2906ad1e33fe9176ac7835149bed4771e350719d1c1e9d091dbfc3275d28ff597e5a7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAFC.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC93.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCA8.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2156-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2156-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2156-2-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2156-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2956-6-0x0000000000300000-0x0000000000301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2956-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2956-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download