Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18-04-2024 00:59
General
-
Target
be5a48fc4d92a5a26da69b562795456d9ef90ec723b4105c4b1ede5b57cb29e6.exe
-
Size
1.8MB
-
MD5
4414d2ea457ca79b4734f4d03aa10cff
-
SHA1
be055cc414a6559eb0b8f6c61aa643ffc3a042fb
-
SHA256
be5a48fc4d92a5a26da69b562795456d9ef90ec723b4105c4b1ede5b57cb29e6
-
SHA512
c98808a4e483e2d2401c8dbae6cd62c321e993c85cfa406d4ddc56cef804693bcac8b8dd683f96917084f4eefa61b500c5d983b66f6b0e3c3b11585b28226172
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO09SOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1exJIiW0MbQxA
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Drops file in Drivers directory 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\be5a48fc4d92a5a26da69b562795456d9ef90ec723b4105c4b1ede5b57cb29e6.exe"C:\Users\Admin\AppData\Local\Temp\be5a48fc4d92a5a26da69b562795456d9ef90ec723b4105c4b1ede5b57cb29e6.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\be5a48fc4d92a5a26da69b562795456d9ef90ec723b4105c4b1ede5b57cb29e6.exe"C:\Users\Admin\AppData\Local\Temp\be5a48fc4d92a5a26da69b562795456d9ef90ec723b4105c4b1ede5b57cb29e6.exe" Admin2⤵
- Drops file in Drivers directory
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD53b7eafae31902334388569a6b932b49e
SHA17e754d3aacfc758bba3261bbf74c21effcb62df0
SHA256fea0647102a159531b0bd0310803f59b8ccbca9e3f5453d2f72f6dc3238b5896
SHA51220704aa2f2ad94dcbbc9608a83720105d95ddd127f31e4a290fa85892be6556ad263face784a6243a4df0bd8d8ecadb8b2b63fadab1b83498e1411fdb4eef3d2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5416d2270de2ab51123679f611bae71c4
SHA1eb0865dc77fdc7dd086e80456c5da7bb9efefcd2
SHA25677be02437a815704630b8159f3013688ff8b3b6749cbdcdb49d67e1611030d90
SHA512b302236d190cc78ce7e1279219ddffd6f0c6893bc71b2eb436d1b9d980d4953b053c79e2125d5fe2a40c42f4f7da68d15fe76a6df961701fca20ee13d19abe66
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5f58de71b78828a40f6a815878d344f60
SHA191e5dee74243384aa73db52944cf1c5edfadbfea
SHA25637d371966ae1a767bc82e292590790d54606a3dfae2d01294e7da3bfa0d196e7
SHA51262e980ad22af39c848f358e539e8d87ec3d4550ecb91cb06955fd09afd4940b280fe7aca3d142fd491f425bad169fc1c54ab223ce2dce7b5a96b181ffca21781
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5f516d0c4f92d2d6e46224640d263f629
SHA1f5cf20fccf3ce826463d7196ac6195d129adeea3
SHA2565492d179ad062d0f020347a936b46dcae3b2c17710492d30fe206a793e0a8d8c
SHA51211a47411871f01ae17ccee44167fe66284cde59b35e9de3c89228e5e2b92a1c9d046dc2866e4935c34c074e1dd345f8fbbe20f9360d6ef4d210204f024a88c80
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD504bf089756988114d9dbadb0367e5ec6
SHA11465064872f7ce05447784f4eedc8d2b2ddf9b31
SHA25695acaeb905da392879ab6c8257dcf4913a3a577a0b51a341a98447163bb14d77
SHA512ff7d11c5bafe75c19675142b56527b9621a9b7f4bcf39a54413aea140ebd47edc512261685663bd564f738c1d458d3cb7c532ed4c42755958086cd2d743c00d0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD52f0048eff1e695ba213b4b3b5aa99e7b
SHA12050bf657b73e06a9ffdf0d456ffd085e380e794
SHA2569334ee2dbf813109085729c674a077eb3adb72c1b483c384bed45b2419335775
SHA512797c18653d63a75b97306ecfe03056c630a70258055e50ff0da7de831740496985a770ebf1689f973464f30475975a2af86a22278d6b0ed25397c7156dd92399
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD511ca2c83e9ac91f7cd47e43dd0fdf912
SHA1571a3316aae99522f27443f660d2809f267c962d
SHA256d81dd8a52ff90db0f9754c72f184edb4886d398022f44292a2f5871255e8f6b2
SHA512dc227e8dd1bb9a1a8b56422d574f23a470873d3841a5015fc0b4c2a5a63329d0a90020b75b34902bf8ff9c3e57e1b8de62266af84769843d902f7f0c7a808cf0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD56f13c0b96d4fd59d8e160e6f014b8bc1
SHA1df46d772785ddfe9299f7eec45e8e4f120ee2c32
SHA256ecd62bb51813d34423e2ea0eece909ed6a33e824eb8f7a200d02bc43f9d28d24
SHA512c736a0e97c719feca047edae5eaf73de8cd92d158f275f361de81f93c19b76102360607caecabce6e74846325071a19a780c36c4bbb16c0bd7f01a649c1e9b20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD52c2c0ced4f5fa1de442b224986a03010
SHA1cde8905e9a02924d6dad6b4f9555a3af27095ada
SHA2564ed525f0ef46d7f3365ff821a36290c1396f00e11dd96e9f71ed3caed7245bc5
SHA512a7b0f281d5d4aff93e1039cf52e9f49f23a1b1cf89ab84eec9bc3bc1dfbd1f7bb73b8dc4ebb027c1f7e7626ed6c87578cd45f853db0775e3538d60b8ccbf9480
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD58a4bc994b07dd27721ae3c0540a849c7
SHA1e204ba4c3e227bcc61382c5ab0e26e965e57a018
SHA256f613ceb0ee03327c3cb575466db981de7155353493db9c761d48980d05ae70b9
SHA5120bc2519bf09e2f9bdc347519c6347ad13488881f7532500ff96317f703bcc8ca68cf44e27d5a006d0f9ef4167341bccaff036226377e72c82267ae2a8793e606
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD51e0266e2436e836c59d785d949cb5273
SHA15c293283a51a8a83028ac23967ecaa95bc0f38cd
SHA2567893911b4acb74842c0f3e1b769d16bb03cb27b3ec5064611ffacd25c1f2e7c0
SHA51248aac921b6fd4a0e29ac44c829ad99a7379c26630b03b632386568358a9a20ba212429c607a73d6465adf1f5aac3c4210ce565abcdbb979edaad1d6778e97910
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD532d318487e395b83194b529002f21e38
SHA1fd6efd23f49c7ca84b323622221600bff1993def
SHA256dca2b288f94f3244fb6a2bf46a2b75d287d65644d2635c3a84f16768ffb111d2
SHA5122c582c508f61e0025cfc9dfc02ae00da7a8fb8e1c98e13b0e2075f8ccd84aacf8a91a749193d3882bc9fe23672304294e15743a1224f47f33066ef5f58a664f2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5c8e84bf6d6a9a43f5c555f861ae84390
SHA1aa73c2d4007e69703a67e4398a2a48ea24b7d258
SHA25610473e5843432d21e857e7c4816978861f7154e47edcfe175c49ab2b3789d77b
SHA512d24a87c56b315e2e2831c5de7b552bd8fb4a66cd2a8030e133b965bcbf27aa7877fb936575ef9cb570035aa3cb3ffb2dd4be54469bef7cd19e4af7b46af82a5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5faef285c8c4c2d0a64e3d38eca9cc31c
SHA1541e18b3ee7dce943b114e87363b15fdf331671e
SHA2566ed480ea38014dc4f3ffc16f508531047ccf1b0e726a3673bba278815e524164
SHA5123631b6dc18e07c135ecfebec25556e4416af8937c02cdccee22b188e18bb67f7fad8ca2737507ae8e3fd6fa52071de39de47fc297f6948e6ab8309518cd1667f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD59502c2ef1a0785885c05ab839e59906b
SHA17178cb1ee0dfdf8bc8d50f8169dd130b55e5fb48
SHA2567d726ee7a673fa388c3cc4e251ebac0d63899d6a3784d42ee806205907b25e11
SHA5129cddb746fcc8e7365d229f4eef89978b123114038d1e575f13395762a18656a0b87a5b8d2b7a748ff5670a7d68f3b7852de9bceab069fadefa9b0f25276a29b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD599c1cc84c7b814e462461276cbd7b70b
SHA18ec6109f4c0e9894fb1fda111c39c71e5d3d5c6a
SHA2563ec29dce36b79a2440484986d916c31f1607c41e22ef29f48ef7665854cf2353
SHA512b3315ee2bc262a0ac7ca78158d8eb571beb00567a6cf72e45ac29885b81f5cfce57cdd1af8ce942717430887a91fc5c4e5582f89f6bec2a1c843f59092231438
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5010bf0f7a207444405a0d63dd6b6129b
SHA193a99dfb55570017e509110f575672a30190bfb3
SHA256b743b483ab70661037d8e990364ed8cc35a67d7939b0af4a1fadc60c7197ba0c
SHA5124ba4d718e8ae4babcc5ba6e5003629cef5a403f0f2da5889f87b8190c8ae6dcdfdd8bc19bacf311faa12d989e830a962b0bfdf35ad49e9373487a587fe174970
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD524d94ffca729ea96935c11b3341750b6
SHA16943295bc285e9e2537930450de49c79953c48ac
SHA256146953c899a8c9adad048ab9accf74a8d512d241f2654d9c9f5492a33433632e
SHA512da91366e650c446828137ae3754ee688360c5f90a302e5d652fc02df9adbbb9c4f593b6ecf22f916006377aba388add43ab7a95bfbe9233d275fd11c42ba9ef7
-
C:\Users\Admin\AppData\Local\Temp\CabD4BF.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\TarD60E.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
memory/2648-4-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB
-
memory/2648-0-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/2648-1-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/2648-2-0x0000000000230000-0x0000000000231000-memory.dmpFilesize
4KB
-
memory/2996-6-0x00000000001C0000-0x00000000001C1000-memory.dmpFilesize
4KB
-
memory/2996-9-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB
-
memory/2996-10-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB
-
memory/2996-12-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB