Overview

overview

10

Static

static

3

2030732ead...81.exe

windows7-x64

10

2030732ead...81.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17-04-2024 19:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2030732ead64ff76554e5954065adf385858768faa6a560cc1afc3bc791bd681.exe

  • Size

    1.8MB

  • MD5

    c60fea2de142d1952ecbe25a1d0b5ee2

  • SHA1

    569b71226d24cacf6b5a49df2544cad33aaf8e45

  • SHA256

    2030732ead64ff76554e5954065adf385858768faa6a560cc1afc3bc791bd681

  • SHA512

    c07c4b0ab1960dc5a12446b172b1715a7609c1c67d90d184f65f860204c52b607a680ad1d9861cf564f0d10fdebc0199068a1c5326b8984a53529d10cccec991

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO098OGi9JbBodjwC/hR:/3d5ZQ18xJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2030732ead64ff76554e5954065adf385858768faa6a560cc1afc3bc791bd681.exe
    "C:\Users\Admin\AppData\Local\Temp\2030732ead64ff76554e5954065adf385858768faa6a560cc1afc3bc791bd681.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Users\Admin\AppData\Local\Temp\2030732ead64ff76554e5954065adf385858768faa6a560cc1afc3bc791bd681.exe
      "C:\Users\Admin\AppData\Local\Temp\2030732ead64ff76554e5954065adf385858768faa6a560cc1afc3bc791bd681.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2860
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2436
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2340

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2e1e5747cbc6383064dbc969b2401d82

    SHA1

    5c978c398ada9780500096cc069fbc75f9dc7925

    SHA256

    b865adafbe4761da0040919ef74d93aa3ecb87fd58210eb928758be96a192466

    SHA512

    4028546f43475ce581bdb3f23429a3fc437c9630982efa92da0aee055217d9ea99b24d86fad0a907de9fc40dac85dabd7a5475e882cd5d8ad5fbc840be2814b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    92ce02a4219314d224393f13e777b778

    SHA1

    3e6cf8bf58446b9fe215236bcce181bac782f395

    SHA256

    1d0a90eac869eb5edc04be130f94339e62507913f6a3bc656ab8ca86618b74b7

    SHA512

    77010906c2039d9acc39f3116bd62f263e41f7dd6eb1bf904bd8b154ffa66a8d40f1a9e5e450f470f77c08146dc6eea847e9a26554c0a4245637736db4de5fc3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    de8cf5751607a4949cd5bbddb19ea199

    SHA1

    a3997ad858d5ab98505b2471382308e7b7d07b0a

    SHA256

    4cdaf5f056f5168bf20f55ea54d096f149c8f51228cfef350e78d5d326ce06ae

    SHA512

    2e5319ee383e27561552d6b1790a01dc282c2e2c26a6ddb4cffcfa6c277d941e2b5dc31e461e53b6636ca271453f765cb126d80598480f592341434281df1e81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a418a1345496fca9d0f9ec4259eadd67

    SHA1

    38605a8cd01a30abc21a88f7e0291d6a61b6a71d

    SHA256

    d8550a9ec0e2e3d13d0340c549fd80941a8443dc6f63b57225bd65fceb617655

    SHA512

    a4e6dc8fe28e54b06b17fafff58ac31276396773227096547e61fac796c811be548ae5702946c41f2470c36bcf9557fa21178b3065a6bf260a4a69d042588ca0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a62f6c1ddadede0997b768dba5f7282c

    SHA1

    87519f6a791162fce3eead6446a7db9d7ee60929

    SHA256

    b19a99c21f4d1f82a4d75d21434a198f40699ba5fcdb16911d0045b9de658dc0

    SHA512

    3662bf4297d46bb3332c3642c14bc054ed8a52938f3cd64cf0897c7a1bddd03ab9e6f69bce41e9b060a04a436a8276e019928e9946d7e3ffdd8a9e175bcb0c64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    7fc0211ec7a358026f59344ddbc47ba8

    SHA1

    aa0505138b02f349e8fdb46bfb0cccba374caba1

    SHA256

    ca718e3e6e953e92309985cff00e6f4dee894f3462834f662e89669537a4b428

    SHA512

    4b5f213bb100fe9a93343c10721f71ed65a98ee2d5c5eb3117d765bb59d9b152b599b3ff73a6dbcc436070127e02cf117ba05622cc51f7865d707c294e9d8110

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    5ba86bced9b0984dcc0237c10bcc5efa

    SHA1

    c5a91d81f9ca8e28fdf3236e49eef01f6289da22

    SHA256

    ef27e19cf406e4524f9b4ea6b25a85d9f16f2c6f92898c2ffbc0f1e54371bb93

    SHA512

    2e45c91074a7289b2e5a45dc042a6c251cfbded7cc8c8d5610c4c7fe61d3b3409edad9843f4105c98d161118cee2a6a00f24814ec7eba1bbc3d521c69d738c6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    5c8a5267b3fe3c6a5cbe47b8af216774

    SHA1

    0a65017248abf3b7cb365ebe84991bd21e2e39e9

    SHA256

    b74926bb44f8fda3e4ab38432749563551603807daebb9777976846f9cba2604

    SHA512

    5539debead9d5d191962d0a8450e7ebf8094745f64dad8a90be6ac33abfdbd6ab365a025b7bb381c854f14899ff4793a6919c626305bd6ab8fb43ed40186f89a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    cfc0574346f50660c1570fbe3d6d361b

    SHA1

    85fed1e3aa23ea595c625e12c3deee86e426b88e

    SHA256

    c9c5fe43b4aeb3265fffad61255da83c4a48de1780ee84fd540ff5352a5bbd93

    SHA512

    15652e1519996825e813999064ec0c4d20e4ae0fcd55ff8b421be065df3d98766601ffa9116f5174fd544bad3fc85c9bd2eff098a76bcd81b3bd8a0eda705c0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    06fffa676532bba580cb56b62a6e9a8b

    SHA1

    ee3b6495bf912d44f09ce686a689ddfad1317dee

    SHA256

    70a1cc1a38959e27b810da57c4485a0aa8d9beed98d321b2d501151edd7f8246

    SHA512

    e3cefbfa01f822bd4000057629394e921928cc7628fc4b8504a9cd67606a342ae0f5b656ae29b0d44b3b4cabf4193440d8d76e00b60d66825062badf389f69db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    43d3453000af4a4afbb6753d72cdd217

    SHA1

    904a85492e9005cd1abc0f8787f82d1f92e800c6

    SHA256

    79a6957a2209db514087e2dd19a82d3613763b79db453827e6266fd93b1dcef2

    SHA512

    15ab517dd3136135c7c0c0bbe44eecb9a398c0d0897a35c8ac66632effafd8a5c13d0ae83e84840c6b3492bac00a8f91c7201acc29a415c16e71b97ed9963c42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d3eaf525bd0ecdc97301c1846ff502fb

    SHA1

    e0d857a8e35dfdcfce4916a18af8e88e8146e86d

    SHA256

    28a9453442d813b8d7ca5da7b7fa4ecede980529445381c13add0a9407a5466e

    SHA512

    e2d2ed731f741fd81981ea55e829df1378e172a9f385c5a6d85b421e2c3213adb4f42bea7358504745556c35370e8d3c5370ca22e77e7417b746c91a982558c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    15c79ffc101d227a154b97063a409571

    SHA1

    12ab2057595a0e39fd0143dff199391f96e12d00

    SHA256

    6b4243aa206cfdfd7c48c50321bfcc82a636c8d574a3f0431b6833f07c405356

    SHA512

    cae8394852f480af89bbe56641b73d3b44eaa882c308ac6ad197bbed88f0e5e0ba32cf30a6db64f0673ca6c6aea5eacfc63ad7f943cd74624181322268f5f549

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    4bdea5309b3ff1139dc5010fbfb54a22

    SHA1

    3291e6667ee3908ce67305115f62a069cb9320ee

    SHA256

    94eeed6d293ddd544f3085ad96a6f7a7ed6dc805c5687f6ee0e3eb5e465f8f33

    SHA512

    495737151950e8f2123a1ecdcc6d5f7557fd8d3690125aebf0d8fb1e5447747f6872dccd5e2678a7989c4e656730d0db015c7e16df3a6972e40ec9b4e1b9f614

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ce7eb70e987ee430d26bf9c0ea57a100

    SHA1

    88af039e01863383032c2ec823a5523385c7fcc0

    SHA256

    a7e24cc0cdd9f75bebcb63cbbef1a7dd52b0d6a940dfaaa2c48b6bad0def0045

    SHA512

    fc7574a00536fbc61edd5ad88ebd1bbcb5139cee5ba52ff3c9f78ddd328d615f63406283dedaa2b8c7daaa5ac4cd3d7c279fe12297388b3e2f6b7f95781641b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c3c00bfb0ad6c1c959130c73db4331b8

    SHA1

    4b0dfd226f157090a124e6d64e43720ca25410cf

    SHA256

    3462b859873c0767da65b21a2e885fb80dcec50f07989cef667ffe0210200ede

    SHA512

    b7ed8e3d82ee8d981919b8d72f543e85dce34e60afe88cd503c4c48e5eaafbefa79025aa35fedd4308761fc27bc972aae141d5e77ce84f58bfdcdbe8b1a27aa8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDAE7.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE5B8.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2764-2-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2764-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2860-14-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2860-6-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2860-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2860-10-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2860-11-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2860-12-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download