Analysis
-
max time kernel
120s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
23-05-2024 08:19
General
-
Target
be0173862bf8aeb4a4b2cbac206b9696bfd367f84ee70d25b1138fdfa04a208d.exe
-
Size
1.8MB
-
MD5
cb4ba6416cde10601ecab0c757c5e03e
-
SHA1
ec26d878ac04f33de2966a3bf1a333c1b7bd3283
-
SHA256
be0173862bf8aeb4a4b2cbac206b9696bfd367f84ee70d25b1138fdfa04a208d
-
SHA512
72c163a50e9f29f6019be181ba38fadfde8788acc392815661754b785bb4829b11a520c1c318357259d0e5a1ed991100db145dfa1dc9d74fc5d2bca6055327d1
-
SSDEEP
24576:R3vL762VhZBJ905EmMyPnQxhe4427l9BoUj3QC/hR:R3P6UZTHMW
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Drops file in Drivers directory 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\be0173862bf8aeb4a4b2cbac206b9696bfd367f84ee70d25b1138fdfa04a208d.exe"C:\Users\Admin\AppData\Local\Temp\be0173862bf8aeb4a4b2cbac206b9696bfd367f84ee70d25b1138fdfa04a208d.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\be0173862bf8aeb4a4b2cbac206b9696bfd367f84ee70d25b1138fdfa04a208d.exe"C:\Users\Admin\AppData\Local\Temp\be0173862bf8aeb4a4b2cbac206b9696bfd367f84ee70d25b1138fdfa04a208d.exe" Admin2⤵
- Drops file in Drivers directory
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD507c0fa229a5e9dc3536e09ece3fd2650
SHA1a4630705d3d19914edf075505d223a665a884329
SHA2562769f62a1604b90db90ae0a81b7bf35ffb7717b8e40081bd868f31c45998f252
SHA51216c842e44d604393d10e9391a157f1c91ee612b17e16c0a9f9a547b741ca4842bc2194bfd0204443ea1d1a7c5d16d77909c6f8b93c6725375938566d4b96f961
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5ba3c940ea4fadb26ad3f0fed01feb5d7
SHA1b4fc6778ba84258cd3d12518911ee20b90cc08b2
SHA2564ae7f9ed4fc742c0a051aa461ba719b6e2a9e80d432e37e1f7657a95dddec2b4
SHA512ac5fc1310383bc90cfce75dc82887c2a888ce1ecac354a7336cd068fea7a4847ec1b0c3c912d627df9e112373448633acbf57a7de6019d2c6afe84aad9ab44be
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD58fabf4e1a0d914260b7f24e657cb3414
SHA1fa534fb6313579057ea429e4c4f69387304ac555
SHA256b05ffda6e852c6ac04c4987ea2cfd7b5d0b5ebf3459fb5dede8842681f5d17a8
SHA5123753dc8ad47ccb182b77bc6845a218c1d4adcb998a245ba863588c2ab17d4a690eb734407ff0f8de1eb949e302f0d01f7439a074f6a4b402fa836f293e845f12
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5d9dda292beb9cd490e0f23bcc9f69889
SHA1e9a511d70d05df59e5258cd61593296d50a3e3e3
SHA256d5892b0d6c1b31a310ae9ad9775c21cfd436b708fcd883c1ee7cbf35b5b8144f
SHA512e34ef743ac0ef5f08ef4cecaf13fb25db9f5024618ca504364c8fe2e0525faaee3ce0744a2f87ef41f8241521c1ffac1325fac694c34a2edbb7795e475895e8b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD57f37c1080796e696e5dea6e2f8efb1c3
SHA11317c51803fdc6c98d46f931f8b425b36d7f62dd
SHA256501c933625e9395fe48034edaffc2ce303537a995fb7768e696800fd4880756f
SHA5123bd06615d1036a74253a2e4d249de52444516270b660b73dba02d5f67abbe0f0d8762d0a562b9d11d3484e7cd6f4f2000a1f170c8db5bd4e57eaafe256704b9c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5441af9db8721911b3965b8fb419054a5
SHA1bc1e1f02bfbaa0ac575aadf7a89a6a8679603d59
SHA256dbec3b9d0c16841fecec790784e47364e3a670be9cbe097f5299df1e7bba789c
SHA512b4bf8890c3a0ba2377cf2423b9d86490cde5df01b134a2cb6bf4334d03a9467961e27ef983c90df76f7bf59695d6a6458be69c9fe87698cc22ef8aabe79bddf6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD506c1b04ba15bbc285dac7625afbb5dfc
SHA1b5036cffa2794ba7eeaaf40bc6d8614a5681116e
SHA25679d75c7a5d1de5d2fdaca7e36d6c8a30d7fa4d7137d91205802c165ace213dfb
SHA512066e1f68f151c18b8ac1e3eb6ba60ff5484a2fb97614289cf484ac56a663c18ab18541c903efb22ebb079dd24561ac3145bf3c4217c4e8ee9cec41f8cc3ecb9c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD56c7b59eca33acab9a1502140b78fd57f
SHA1673988e47890afff6f68cb6b29ed80db424fd072
SHA256be56284b800aa4107a2efaa5be3e950bb972f9694568dca50ff007267e61b3ed
SHA51234cf34a44cf625d908a76546894d596ffd07406d79b89328e95dd4d96bc70670bf9645c86a72b816c560f89fe0bdf565e9db82eaf66a3fdf1859b61c0c9fdd74
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5cacff5baf95758e4ae14e76ec98b665f
SHA1f58f31dc72979660e2544a2ea6d91c5793d78b5a
SHA2563a9a77c1fbdfeb4f1afe938cb27412e5047639199703d7301fa1c447ea15b4b1
SHA51206dcef8843d8d70ef1506270e0cf027fcf33bcbc8f517d958e4606cbf0bfd22f7a857365422c9ff198839da181f1c470b201db2131ac39bef841229b737cf33c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5fb9a25dcffedc9a031227042c13b1af9
SHA1b3e4fbb86e0f969d08d5c092b2e5754f63d6e8b8
SHA256a37d96fadafd31d2d4d53f5e7416a853c0bce63d99fd30f73c8256e16c452f22
SHA5126edfa2e61468bd92bd0fd571cdd811f6a662d947bb9b26391461c74d6e4d9e550d5d2b5221d3767a3106485fec0193dd97990956c6ad2d1bd6e8188604e33038
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD51eab0b9697fa5bc92656fd7c50a77bcf
SHA101ce02c712461d56a184653cff688ce26021ef50
SHA256ee1669fbb5976a78f4c74c046c150ac3eab51b5723801c07dd87b7bbcd45e2c1
SHA5127403e2bc22fa09792e9a3c5b0168737f8091a9af2db58cef859676c02edd72bb19ee816d033d56f95f36484598d455749d97f4b69f3225b1619eac95f19fda34
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5735597116f9302df6d024282d3ffc806
SHA13e212e1a5213c0208eab0a3a4aab93d66ce536b1
SHA25623e634468fcf3dbd97e991088d9bf6be611bd649cdf9c09abbb7a7495fda9418
SHA5121288a64ac4e61d1afba78893f20da99409d028f24bbff157941be73f9065a9dc70f0ea936e7d85d5786168c2c81a7d83c12751f18220e21fbfddfa6899521cd5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD53e075fff219128a689c32bede45f544c
SHA1060c183802f63a9c0a54f2729e4ddcb039895c3f
SHA25694e7eabec662218ca8c4d6e1d7028d12a4d6638e2666e2154bbc58c6e1b88998
SHA5122267fd3ebc13c6e9e2606cbabad8996a794e00116b6c598f8f1f09ae124701b7c2f54055e63bf52034017b99af2fc57c3049664720ea617db11a85aff2c9c05e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD56ba83290aa7e82c8d85320ecb224edb4
SHA1b9637deaa821fb5a8ea369185451864826e1b9ff
SHA256bd3348355f09eb5f27e23184a63fbc4f6f37b2a1df50ec021639c9f315c7bd80
SHA5123ea8f5561ffd74ff4b1c7e402d08a49e7e0fabe121af3022f798e68f8feba43b1e5d38f3747c840e6f7d770ff3a2ee56f8260df7c6de4a04f3f67b273f63d868
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD53847c0c39ee236cd9c68753547e15827
SHA1cbe93742edf0f77f690594e5095ad68649ec4269
SHA256948e968d4c1e90a90827693d3765178efcc598e49943321e111896f137913b7c
SHA51287594864cd3b908ea5c8ea7b4a504f110b25bed2a309e3f381e0251dc6395d93b01956b17c952dd84751ee40cad837980bddb20f2fc496fea578cc82d4b9cead
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD502f1a3d125141268fcd2340b82c18001
SHA18050028fd5d57055b32a92f7d587c560e02759db
SHA2564186281a19dd13c0ab6137ca7be31d334e4e93eb2f0f0cac6338d40a36de236f
SHA512c2403ded2292ee3c33fd727071c4653122ef4d1a1cbd33baa8eec9f2cb5f74dcb04f1d4d3ac2c358f141282240282b5028976201bef94475e569d0c6f6ad3d23
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD533a9d0d13a62c67725848e2855f8f99a
SHA115d513e3748211d88329a443d68a2308516fac58
SHA25643de5a8c970b66021a8ee56fad300fa873f8191dadafa8cf936a2b2b3f529d4d
SHA5124afb4539bbde6780ff630c2a72770c73bff8b3c666a85e38914d0ddac7b6f573ddb1f13951502a7ee67fe2d41360e5a6926909f259b5e4ff44050210a27f1fb4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD54f81cb9e3bdf7ccbc133d2262f114140
SHA146ddd766cbe61b774f75ba43815e830175d43f8d
SHA25628e5250926f912944c36d955b64b7113a16e2970d5011638b0a1f419096f5f9a
SHA5126b5804822d9e6ad41c9b91c95b924a85e4502afc1c2f7729da0890a49d1c4a81f96135f4031b925a2cf1cf89bcfb465eb8eeafd51d1a20ba4407ade87065aea6
-
C:\Users\Admin\AppData\Local\Temp\Cab428.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\Tar529.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
memory/2192-9-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB
-
memory/2192-6-0x00000000003D0000-0x00000000003D1000-memory.dmpFilesize
4KB
-
memory/2192-11-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB
-
memory/2740-0-0x00000000001B0000-0x00000000001B1000-memory.dmpFilesize
4KB
-
memory/2740-2-0x00000000001C0000-0x00000000001C1000-memory.dmpFilesize
4KB
-
memory/2740-1-0x00000000001B0000-0x00000000001B1000-memory.dmpFilesize
4KB
-
memory/2740-4-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB