Overview

overview

10

Static

static

3

338c62948d...e1.exe

windows7-x64

10

338c62948d...e1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20-04-2024 15:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    338c62948d065986b16f3312c3ec0b66549e0d318e582c9c96d94e4aaeed53e1.exe

  • Size

    1.8MB

  • MD5

    7f456c29190f9c05b1e576f3ff34ede6

  • SHA1

    b89911ba65037b84803a84f99f77be9ebe5749d5

  • SHA256

    338c62948d065986b16f3312c3ec0b66549e0d318e582c9c96d94e4aaeed53e1

  • SHA512

    e4a9c31602477e4d7d1ddb9a4e765eea1bd077f9ead5e86f2452d569e62b02e8e676b1dd55f8a8412c65c897568380ce1607e0f5b9dc84ab65099460d05d041e

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09WOGi9JbBodjwC/hR:/3d5ZQ1qxJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\338c62948d065986b16f3312c3ec0b66549e0d318e582c9c96d94e4aaeed53e1.exe
    "C:\Users\Admin\AppData\Local\Temp\338c62948d065986b16f3312c3ec0b66549e0d318e582c9c96d94e4aaeed53e1.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2724
    • C:\Users\Admin\AppData\Local\Temp\338c62948d065986b16f3312c3ec0b66549e0d318e582c9c96d94e4aaeed53e1.exe
      "C:\Users\Admin\AppData\Local\Temp\338c62948d065986b16f3312c3ec0b66549e0d318e582c9c96d94e4aaeed53e1.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2036
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2388
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    29dd7d645e7b06bd9f3e02a1e2032da6

    SHA1

    8284aebbe7b8f5b32e5bbeefb5ed73230ba67467

    SHA256

    8f8826f02b036e8e7c45e986a6248f138c0e95832a7c4d7e3b69eb029d346eed

    SHA512

    b16942747934100ff861a6a1b42bf90896967122936e2a87a23ac3d13f0fc4ecc54a0dcd2c4a71fa45402bb9100c491adbb91d0c045f534db98bcf70453fe37b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad18ab69302852f8fdfb21dba726d75f

    SHA1

    006a1a533a3e367e1f4b410e8f657cabc1ffaa9b

    SHA256

    ad78e7bdf0f994180efcfe41542ca064dfd21f59089d00dfae3b1ec1d48347c9

    SHA512

    8d9ea6bda98bbbbbb9347663f12492535c447425cb2ca773823febb258f126a646360b3118f0c04103ccfd49ea122776886ae2a6294a96bc8a138bccadc0c877

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0215592003e4cfea15496f9e1c15197f

    SHA1

    7d2c32ed5f3018c33521f4b3d12121efc3f2de7b

    SHA256

    208e039be4c92eb2717cf9c033f25c54a8d00cc68d4b07a904c1a9aa68cc4f92

    SHA512

    e85cd569bc377ed9841276a00e22047ab297828a88d6a711d286a6d6e3fa93267a563475a31b1a0e9115a7846a0eeae5d3802210bc4fc507a86f0dbf67cf318a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0e5445b32bd9ce659202d5b0cbbb5bf2

    SHA1

    218b5f9ac0b65d6a6a854d7c8a9185297b10814f

    SHA256

    f84305d7c1de4d8833751c3fe44a1b5fd8c4efeca1f7400a7cd6c7394d8ae777

    SHA512

    1be0007357a180f4615e3fb39a956d3d6402a00d8e29de6f2c7507a7a41227c89cd3c1c64d45c0c71e6759b96c9e882bcb2011a2f66e65e2bb31396109be93db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3cec7bec27fba2166057102f81f9bf1d

    SHA1

    3927459b49e9dee70955345bf2b51e654071a689

    SHA256

    4715e07cc04f687900ec487e57b1e20a85a50362d89027d3ef3adf5a0ef560af

    SHA512

    8f6be8807799b0dc01cb49a6ebc15c5dcdc844ac19684dd70cdc30b8b185f0fc46df5bbf37697c0554b7bca1c4fd874e7485d14bd283c6d1f7edb170ac941d47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    257edc507d88e2b44415882ead1faecf

    SHA1

    393fac85f3bd7b702be92aaaa75a38689d3ccea3

    SHA256

    141e02936e6913b5e2c3d598ff97abf340f3569c883a6edfa2991048baa42ca1

    SHA512

    aa1f9e79f472c13c8d82ddad88823a4107156330f59ed8b37e4e13e49d2ad4aef8cfa1cfa58e3a490e91e627d732ceec838114fe72bc04cb9db69a97612cbf8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ec929c741af10700caf1f47ac23c181d

    SHA1

    647fe9dcb6d6dff3e3866de7ef1afa48d587499f

    SHA256

    36bf8573a8964ddd88598101f61e2b5b3e5cd3d9776e38454e53fd0cf7130e6c

    SHA512

    9689069a06bef20cb1635745af7b05e9872b676640bcd1cc2ae5de49b7970a628b27c80c3bdf8b97d2d612c9768c8ad62436108b5bf2275f29aff6bec4d60926

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab18D1.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1A2F.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2036-6-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2036-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2036-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2724-2-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2724-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2724-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2724-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download