Overview

overview

10

Static

static

3

18df735af8...93.exe

windows7-x64

10

18df735af8...93.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 04:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18df735af8fc13ff1cae170c10482cd2b2b124e70bbf30b10dbc3a627edfc293.exe

  • Size

    1.8MB

  • MD5

    e04b7b5ce521722e5ff8429c089899aa

  • SHA1

    65e8a8048871ccf44d32ec3dbaaa98985b9f9f09

  • SHA256

    18df735af8fc13ff1cae170c10482cd2b2b124e70bbf30b10dbc3a627edfc293

  • SHA512

    d4b55eb7414196510abb896b317d9f52dfe9f1e2fa8cc5414e040da8cfa162f545ae2dc40928cca1b01815e55f3b798f6fb3935f7d7c73abd61d5af5522b4a28

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO093OGi9JbBodjwC/hR:/3d5ZQ1NxJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18df735af8fc13ff1cae170c10482cd2b2b124e70bbf30b10dbc3a627edfc293.exe
    "C:\Users\Admin\AppData\Local\Temp\18df735af8fc13ff1cae170c10482cd2b2b124e70bbf30b10dbc3a627edfc293.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Users\Admin\AppData\Local\Temp\18df735af8fc13ff1cae170c10482cd2b2b124e70bbf30b10dbc3a627edfc293.exe
      "C:\Users\Admin\AppData\Local\Temp\18df735af8fc13ff1cae170c10482cd2b2b124e70bbf30b10dbc3a627edfc293.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2020
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2456
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    46e7220138d90b2817a826fb241e8526

    SHA1

    39937dc819be59c215ce0283fe3f2f1a0967444a

    SHA256

    0ae70a05838b61c52c6c944d301bdd0aa06053ad6e18797c1e5c7379b3aa867c

    SHA512

    cc581b085a444a7fe836a36a582c2c3c42de6c99814ef54d3cf9852c8315e47b5783cddd9657557c0a521c73665b7e32b40ee3585ef996c781ff5496bfbe463f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0e437676d9cbe6efcd389d8233f20f8d

    SHA1

    13ec17c0d1954ac546ec075c73d8ae48651c44a4

    SHA256

    67ae0913095dc4a69d03d2707236ee5be7c71a1ee9610f5479dc973cdbd44310

    SHA512

    bd33add26dfb0f17df103dab150835823e8a9062435a1bf74ca846e89ee4d30dcf91d151effc7ae6ebabd9d9e52131e5d8d4df9921fa31b1e3e60a73551ef22a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a87d256d6c8c1a92ee9beec05d8450e2

    SHA1

    bb0ac0cf838b4139cd8f4342b1c37b8aae2a377c

    SHA256

    c3e9ba7490422fe19e00f95dccca9a2e3637236a70a6b6495431830acb100a49

    SHA512

    63c79d47805a429e7e8cb46d7c68c8e673bb48580ad3706d2ee02a9ad09b37bc3d5693d1d4e05313ff4099920484e331d866a71400603a2ea04e30e58801b753

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    987491999f3a2b776e84591ad1564cd9

    SHA1

    41a889308b32b9378e8379255d47ffa1ddc2ae0c

    SHA256

    f48271b82758436fe5c8fdd1a26f6f955aa66b517c01e246b3e50b3ddc0f6b2d

    SHA512

    75c5b125408f2a0ec38ccbbecee003c1e975fa2191d7305c23edc8f510fe770183c4ed96eea20cd53a2a68a0ff7ee89b15b9713bb262ea33563a83c9d53da209

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2a9425d3e251a8a5c8f208017cfdb6f9

    SHA1

    a1556e33749c09506e01c8344220034c13a11f4b

    SHA256

    b3fe553cf96ce5199f0e8eccea173d127961fbe938de931d16c7a12c78afa58f

    SHA512

    f1659a963b4aaa35f32ed654a11fbf16da25ab7c3fb3d9d9ce2fb31d77634bec54b7990753a691d71dd6f9ab4abb3ee2460e6e5ab4f68f9ef489b27033fead95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    826a4dbcb17b71eb84d40edc18f0f479

    SHA1

    908c425d0f24b3d2e0939a6ea4f0b0f278f1e915

    SHA256

    605d1d0defdfd65d5b6e742405130e5f21ed11043ac5dec212190253ed33d59f

    SHA512

    b73b68cb8745e33eaef950b42d1f998d383255e11c0d1d48cb8684ab0234c94ebaf312fd331d48e5880a6e6dc5cf70ee3e86674cd6611188a51cd0a167ad9f8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cefcf19044305c0cdd6a99d34c0d8e46

    SHA1

    dd5cefc3e17708f4a79219d5b2c764c2483f6390

    SHA256

    715a58e6b5f28a4d331e698097f4cc0cd50d357dc69ef3c53bc851a151a91306

    SHA512

    77a9e5d8c9b6c58e7f73c4ffa36e930fb98ffdaa6b653a28c889e095608b171243e9a86b2644c56677b1ccbb9191f6538b82e490fb6d7b8ced73c8271686d764

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    11b58b1c0ba2cae6852ffad85678b72f

    SHA1

    cfd0d3387122a9b024d0326f4a60d7930b4f71e9

    SHA256

    5345657ca878b848b117cd860e0eed823cc79dae07b60b8310f0f8b4302c2f6c

    SHA512

    ea9f23d6613f334459ded1f05b7003bfa96191d1c8eee897de0e4222d3ef16bb13f7d7a1882346545b3dea53ed977631c8c4d81c5898fa04305a2ecb1108ab4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    686e7976ac63a1ee159a525629f50e62

    SHA1

    438d8b11face77d56b1bb7e2266593c29c185738

    SHA256

    24b144c145872f8dae7eced36a455358297902bccecc0dbfcf67d5411c873b6c

    SHA512

    8e981e00fef955d5aa91df06317b09d99b19f083fb7885f5a0f5eaf3477334829a6d0339f811697186354444a61b24c211463fc2c6254ad779a6407d97374e16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d5b5f3cca6855de5239b67f94b46ca99

    SHA1

    2721f204fbb6f732661df6a91a3e6e4b17d26986

    SHA256

    66f16b743beeb0e72de173f047ed0a71116497e9ed3f72372081d6a0ea575935

    SHA512

    49131349f4a5e9ffc19646d590d758bffbe43e82b8400b47b30abccd4c5669619c43f0e9e4173811905ded39bf1adadc44e46d23ee6f841a167fdb3aa35a87fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d9ca22207dcea384bc57ee191820bf34

    SHA1

    f38393ea2e63ae368b2de1a4bb19adc804cdd440

    SHA256

    3f596dd07e26fbd02eaccd5b089c9961228bdd1207e0033f4375e43faf0c2699

    SHA512

    2f21aec85baa3bea52d29c8d1e695ef2937c29558aa5b5266c9b4fcd7809d3a5b8b33e372cb3f8e2b51faa5a27784ddbb1e835d102d8dfacd0c98c0abe101751

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    76e8cd9f697ce85584e580616b694497

    SHA1

    9ef0dc37ad0937b0cc87acb7dff177b5a18cf2cf

    SHA256

    99d5a484b39bcb63229a0a97a79cb836ed5e04d1398bbd1435d09dc0b9680063

    SHA512

    8925ab1391458f6e2f060ca2e12c671a7e06b0d2edf175031f5784b476e513827ae74d2a8c55401c20876ce013c1bc6b4d67688d31fe7c0b6779de1da754cd83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    61d14443d54252bfff4955c48f25bf90

    SHA1

    03a8145a90b2d2a1ded063dce431c3fa96a7a0f9

    SHA256

    c2785bdf3192c5ba549cdadc9b272772034a4aadf18b0e2989840fcb8c5f8162

    SHA512

    dc82c6d089c858d7d2ad032a7db925953563fbb218a2afb224e16764292ccba99566892771a3beb90afb30e2f5204e9547eaecb7a0c2f63d2ce8391109936dbe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    90dcbfef9cb1f904bc6995001a3614b9

    SHA1

    70c754a94b3179c2f5c49ee5c06ccd8de73360e8

    SHA256

    b432e8678af338b2b6ccced3fca3e910ddfa5baa33a7a513985252483e061077

    SHA512

    bb5539f1745e380e84782d6bfb37ba02f846312e9f57493649a24a4e20c80bbec03d55b2caa13d606fc873c8f410885e8fbdb050854c2f6be378d53a8b2135f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    154bbce2a157d8a1f9468671792d1499

    SHA1

    7ae55da26f2585cde9778be5847771698235e97f

    SHA256

    94274c8ce3cddc8331884c61ccbf812f4ceb7bf1e35e87a2bd53b73d73e97574

    SHA512

    d7fe81b5932ccf17408c0689763824063414e6daece38a95e5cbf0069b93b7718e2e8e98a2e1f39136e69116081c0b2b7423073c4d8d5436a8a3a1bf404e6286

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4628e316d1f74902cfdc81fedcb95d9d

    SHA1

    ae9c4048218ddd42986fa6077343dc715deecd44

    SHA256

    c455ac1f8758f011102275278ce6a4f1cfc85958016000df55eddd01261a2f17

    SHA512

    973ce8dc9156bee93b16772905ac029a475a78bf7f45c6796340b7c3c58a7c69ab4403a7c4cea4d8f6ef191e531cdd2a737394973701fbe8eb13c75916047850

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    182f2a4cfff5faafcf041143cf4cdd28

    SHA1

    f71c3ebffd6183fe0ae73ee185db5f4f85262a97

    SHA256

    3622dfc305d3812a62a3ffe76c66cb74ce28582dfaa40e63180e0f753cd150c8

    SHA512

    e335de96a0ec5cbd5dff3d8c1813387feeee202bd7c651586e5395000ab8c5cc4a7be67d2f35cc65ca53f2da75057adb0ca0710a55a81ac2ed74f92fe7b79bb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2db2a236fe47272c290c45a94f39da75

    SHA1

    7887f33ee87cdeda2b64a0b578ba7c9e51760b61

    SHA256

    20fda8a1bb3a39fd34dc141ffe9e9b0e18f53a21d927ad716666f8c0bf849300

    SHA512

    581919674376de917c3e05d029377efbde8e7bdb116ceaec7e524548c341d4dcf99404f44e697b7915ead2b6cac206cb3753bdf2cf1396229589f04b4be8a98a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFEFB.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFFCC.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/1936-1-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1936-0-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1936-2-0x00000000002D0000-0x00000000002D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1936-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2020-6-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2020-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2020-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download