Analysis
-
max time kernel
117s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
17-04-2024 19:21
General
-
Target
09d3ad35060113492337c07466e187b3a14a36e6cea9be417a7fc7f7acfc9757.exe
-
Size
1.8MB
-
MD5
82a97145474f9241f278ba71388d6fb1
-
SHA1
908e3440ed9c7986c0b2d6fdae7b0150e6f2c1fa
-
SHA256
09d3ad35060113492337c07466e187b3a14a36e6cea9be417a7fc7f7acfc9757
-
SHA512
306ff81b5c62eb2686c92f9a3a2846faf6c11e10869bc943da0124138c9e37b0eae36428e3269631fd5e5442db67a5dfd5dc21822457c1a59afd4a9bebf40d66
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO09xOGi9JoBqgvppOir7kw8atSw6ZwaIi0HjwC/hR:/3d5ZQ1rxJ/QUiUUt96Z0D
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Drops file in Drivers directory 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\09d3ad35060113492337c07466e187b3a14a36e6cea9be417a7fc7f7acfc9757.exe"C:\Users\Admin\AppData\Local\Temp\09d3ad35060113492337c07466e187b3a14a36e6cea9be417a7fc7f7acfc9757.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\09d3ad35060113492337c07466e187b3a14a36e6cea9be417a7fc7f7acfc9757.exe"C:\Users\Admin\AppData\Local\Temp\09d3ad35060113492337c07466e187b3a14a36e6cea9be417a7fc7f7acfc9757.exe" Admin2⤵
- Drops file in Drivers directory
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5544e0f3ed13291185af16936fbb3064c
SHA14755b3ccad1ebee2787067e454526ddf1b96125b
SHA25642330a32102ecd0e2e152dccd98d771ea3adb160f40230206ce1e25f3e7eb2ca
SHA5128e68f0236254952037555fb4fa92ab8a1546217c4395e9e81d2d734fb5ea06f5e36077965bb91c08452a7b1beb72e07007c314195f1f5eb141ccbdb606a0c22b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5d0e3ee6d813ddacfd6ac2dc3c2cc5c24
SHA16ea08ba65e1a7007cdf9aecddd34c4fc5811a2fa
SHA2568662ec0f12892fd4c883e1b03088f673d37ea5c5e0552a11fa63e40217d37f21
SHA51257b9f5a4d8d4d9915971784ea706cf36242835e14bed616581f81e301a7d0116c8af1953649c8cccb7bc5e1f8be31739c91c23246752f0c3e916489d8b1a77b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5c9c19c601e1da41d6929432098ca9f26
SHA16765f7b697fb74539ff534ed0bde65298da1ee83
SHA256f550a1e407df068eff4cd8efb267d41ba90983f0b5c14b3eab77c00caf16e3f0
SHA512230efa7164bd91d1642d591aca97f7cf20d81a57fe297470e8059b6534d82f0d9b7de31129ed6d7e88fd8588a79ee6d0df9c36795ac6c8924d09d4a7621f9f3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5839f77dca797d121f2647097bfc8c5ae
SHA1ac15371918b8c30e228e3cf4050847ae7a490546
SHA2564358fcaccccd9ec4915e50e01a3027d828e867f828636a75287cbd7f212cb804
SHA512efe07e062d553235c7ee6e71207b1c4da0ed525e8d6bc73977ee22076f89c86272efaac9f2b219165347ebdd3839438ba74125fb287fad9e839a0501be7bae58
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD532a75f8af2ef7eb2bf7621a6b3ba6514
SHA1bce64bf7ab36355da9886c811073a389d3f80fd6
SHA256392c44fde46d3e766e38db15b3673abcc31b12b37096c971314634efe3b59778
SHA5126c31eeee9c60d762b0ba9fe3d13d5bab9b3ba8c636e6e251a80f8f12c6e81ce42c801a79f30e5f3357725879e62ce67f2db839af546312a0f8b42ed7e52d341d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD56c651b3a815eb1f46d57ac67cd4897dd
SHA1569844675fd383ee24e20602d25157ff6cb5e254
SHA256e66aa2b2ec9bad855d9287f52b037ed5d61f26237547b1c1cedf381e1be8b02c
SHA5129ab193c0008291ab03d50555ba4a7dec7511d9f79f8bb89db266119c2b477d72b5d0fc45162a906985d1a15fe9aa330a57ab0aa9f265ae975d187912a11c0842
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD587a4bc7ccc2088a4f1c8450e6503197a
SHA188a8cd081e75d5164025e0cb8e49b5e79935e184
SHA25654f5b2147282a92619c752712bab9afca216bda818487274f51ea9af1c7a77bb
SHA51209d901cd4e07dc888228297fd10fa28c2a1f502e668961eb69fac74b197d216994cba437bdd33d843e21a49531407fc176ddbf5cf27c678a90d944b9512cb56f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD589fbb7d57031de859f9b08a56fbf8acd
SHA13a00ae4223d5278dc0d996aaf395d4ab3b35fa57
SHA256c6598a7e6ac4c58974e05677bc7ac7b2e3d44320018c2946964b6de3cadadda3
SHA512c36cfe6092a02bfb404b91e5602ce002d6ca242c5488e93e57fb08f1f4d3313b294723fe59daddcf0d4359279db1cf5db4564ab74da56f875450425971e6ed57
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD57f795de65a82e33f6d12cb69d3f8d4ed
SHA1c3736d574adbf498f80b272e963d71a0b27e9a0c
SHA25637c7bcc309327c918368deb0e84b0783c1f6dad5ad67e8188c37dc2e1b94bbac
SHA512c7a6500e6b52617d5bdad7caa5dccd16321f31f8e28182eb31c75cdeb545a1e33e4f3d73f9bfaa1c1c35998669005dd952ed4bd9d1c41656d2a3cfa2858c133a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD537ea6d072e5ec1c74414ee3f8d40a605
SHA18cbb4a32ab0feab0d00482d2e5734eaa8858ba2f
SHA2565fd7399696027d75d14334a837446577cdec9365815d641bcf9f4081aee61d0d
SHA512306acf80990a17817a9ed127e16eeae1dbc14eeb238543568a70d7c03ab8bef4595813e5b918ee74982bb6fc827e40f26a5110575f55b41a0ff256bdd92d39a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD545f0a77748ad6ca6e00345f3c1f62638
SHA116fe511959d27c930d0d4b954ee540e80485fa62
SHA2560fd57632d50585797f03f04c9d36337b7deeea1545230218b4d4f72be99dbfe5
SHA512373ecc7505bbcbda3e97762216722c768b1bcb627fbdb933646bd7c4cabb62e3e8d105ebb31e3b5458eb83c1b4b1aba56e687298a7a00a791ac76ad3b8a54eb4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD576690be4d6919c79611e3f846dac0dd4
SHA16d17aa52169e4a9b52b8dd42ba3080f8ff6c1538
SHA25696a9ffaf4e1924c52f57600fdd1dae621411c30f0d3af988f35a9f7dc0a5d95a
SHA512f72debb189c208cd5dad4d3d14d84a9f190efffa16496c97b679597fe6c21fc15b79888b316251e38b529b7989915222147881fe29dbf3d2fc8cfd2fcc5ae4dd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD57eae3a2acf014ce2c6607defb3426c55
SHA12fc3f9d6bd7bc8d0144994b3fd565f98fdb31068
SHA25664107cd041d5d7b680b84ec17204cb9b756f0de220e4db5fc4b8a2b86c635ab6
SHA5125a439af6943bd6bc5ee2ec378406ce6982f34a44afbc6854c5b51713d91a8076bf25eada354e02f17babfcb443d9fd8bc7bd583143b23a1bd7704e01745d7cb4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5479ab9485f918dae76da6bd4fb615228
SHA1bba64e796d9b00b0c3ca442d3eb66e3a1bc05f85
SHA2568eaec3e7df2985d72b13864bcfb2fd6db91043b5a91b43f0c781e0b6babb6101
SHA512acea729dcbe120130b7f0efc4cd73040d22dd9a8fc1da3f73468cbf63955b3cab007b292d675d405c397eb831e1bfadf6bb9748ee0113197d59a73ebaac88aa8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5f4451dabbb271d427637e188ff54cd9c
SHA18e1e52c115c07c150fff1356c621d07679d2351e
SHA256a618719f85b095db63255ca6b707a1c9d66ff3116bc980c81a34f12b8dab88f8
SHA512ed079ff80df9f834fede6183029c45c919304fcacd15cc0f15db1aea0b38b03b37fffa20a83886e5dd05fd2490dfe1edd697be49d292f5f7a47adf46e788b69b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5d66860b50cf0344e5d29af73c35c916d
SHA15d2652f54fe9fd66ece23acf1f9e07f1a56b4af8
SHA256a7851a63d2451619f8f630b89491e2154f9cdccfe5e935c202ee7d0ee74deaeb
SHA512147b0e2026cb6582e81894967eaf087c448c8b991092ca0c6340fa12f2375c9c4d00a268373974019e9e515866a041da03d837020875f78df01572abfa906e79
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5192e36c4c35a0e7c848ee359d50a0f2c
SHA1ef4396c9a32137de8a1691eb7bbc17c8f4f50bf2
SHA2561e0fea82eae724f50760f73439bb488e48777c3f44a5038c578448cffbe9d4d7
SHA512d20e8e09e73cbb57a0fbc15b11c019b018dcf4da2210a35eb50fa2e054e1ab28fd345e30b04e2f25d044ea15f105966f26dd9f0f0a6d2772e4ccef8aac107bb5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5769c640b1b9010c98d2d35809b23fb08
SHA131d04ac1408f4e2ca11f76b3a388fadabdc1e69e
SHA256cb3c7189d5bddba4c8cdcbd9f719b634ab4dac4b288cbadff36e7354d48b770b
SHA512f35dd678e161036882713b5d7fa693565d66cdea6306e49cf82718aa56af0353170016af215f5d2324b67accf6504532c60936671670a3da362868bf05861a32
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5d1475cb69c069ad4d62b047a9f60b852
SHA14915615f60cbdb3bce522d1f21c5d96be4aaca47
SHA2567b2aa49dc6e8168fcea7b2b0283c942b9d2825132c2bf7588365bf41de70961d
SHA5129a5dd216254f73c1366d05722eb8cb33ab26c10566408ebeb2949ca674a2906ad1e33fe9176ac7835149bed4771e350719d1c1e9d091dbfc3275d28ff597e5a7
-
C:\Users\Admin\AppData\Local\Temp\CabAFC.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\CabC93.tmpFilesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\Local\Temp\TarCA8.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
memory/2156-1-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/2156-0-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/2156-2-0x0000000000270000-0x0000000000271000-memory.dmpFilesize
4KB
-
memory/2156-4-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB
-
memory/2956-6-0x0000000000300000-0x0000000000301000-memory.dmpFilesize
4KB
-
memory/2956-9-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB
-
memory/2956-11-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB