Analysis
-
max time kernel
147s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
23-05-2024 20:54
General
-
Target
09588e6a908417b6b48d556c9354fb296684e03e768008dd55e9e0650e3dc61d.exe
-
Size
1.8MB
-
MD5
3d293bddd583eeb3dae8457eb557144b
-
SHA1
2c7940457c824d3760a890708bf5d769c2f32caa
-
SHA256
09588e6a908417b6b48d556c9354fb296684e03e768008dd55e9e0650e3dc61d
-
SHA512
64ae350c1b4a457c3d5cf668205e937a075d2eb8b5f2b0279d441230bd32b06b1c5fba284b8ac150e228e40c50311b33fc4da03699c053c42a3b491769abcd83
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO099OGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1zxJIiW0MbQxA
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Drops file in Drivers directory 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\09588e6a908417b6b48d556c9354fb296684e03e768008dd55e9e0650e3dc61d.exe"C:\Users\Admin\AppData\Local\Temp\09588e6a908417b6b48d556c9354fb296684e03e768008dd55e9e0650e3dc61d.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\09588e6a908417b6b48d556c9354fb296684e03e768008dd55e9e0650e3dc61d.exe"C:\Users\Admin\AppData\Local\Temp\09588e6a908417b6b48d556c9354fb296684e03e768008dd55e9e0650e3dc61d.exe" Admin2⤵
- Drops file in Drivers directory
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD551e41acb4440b1d51bd66b929e39843e
SHA18f7283e8f0bc6332b66d180d04d201f274d8fbe9
SHA256ec7d8bd502b76a7e55c98d701b018b24d589d246e2f97f68414b1240ce6294e0
SHA512cd2a9d8dbec7b29219ee311056af914652e95ad8e4dd539028ed816dacf28138561b6f650f6fc45ccf8ec937e8d46af1df3b3f2318df348f6d694abdae3f67c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD568a47f62acf08e575d5063b600d49763
SHA17d91df096c3a5c14db98a719df5f53aeb9d0fc50
SHA256ef72211e9944459562078f6ee4c0291250265bea184f51e20606c7847399e832
SHA51287d051927424d08f3f98cc32f75367ae88cd111c0456b41bdcd9c43a66fb97d5048dc13d2f55698788d10d1e6f8c759803fbf7958b3b7da3f6d79b4eb336fd08
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD50cf301fc2ca60e906c08a4f53990232c
SHA125f6ca483ce97494f1ffc6a251062829ab5307dd
SHA256dd56a5f9ef8d4b0dc44a693aac61e5fc01c1131094fc1d893f0963eee37a4383
SHA5127cd2c3e55101c30d8d2a9f59adbe892fc615f3252c7a0982f20bb784a1d9dc60b0e263044c77430979ebfc8baf92a41847e03a84835e3a7a997b45d67a428323
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5938ba12b787228fabcffc32ffac76763
SHA1aceb349bc0106859963e02131527ee755642cebf
SHA256379ea36ab89fa7e9e7cad5a1a44f2515c5aa49b6d1aa5b79ccb1df94830d568d
SHA512cb0b9ce152d26db8f90f7f582b866a1eb17df74df549d0e5c3d27bbccfb36c72fdd8138c9e1a0b4295cab48c2d523077bec912b3b7b8809825dc04a85758c1a9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5ce72b3f08033b86806d280f78d34d645
SHA1bf33eaef035e4e723e9bcdb454203381bd61ed3a
SHA2566e6d78a0b887b18de93f636f6c5f988166873cb73df5b4986135906e74509455
SHA5128f9e2476ac6d72bc7d51ea5e03c76878c2f43b2e8e54366ad8758ad93a4b8faacc104082f3bb4bcf1d8ccd0a5289d65ef5f8c9e7299036a4372f6ed18700fb02
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5faa917c4530a3ab503c9c68c83f9a826
SHA150e09f45a50282ea175eea0906fdb7a1acc960e6
SHA2567627880f816b5d9257f75fb77308a0559a565dfd455486c4346da89c40aa0427
SHA512473609f7157d8b944450136d5ceda614c1e04ca9315d4d436d7170a3030e83dc2fd4674e8788f7d4cd0c2f60dea62ee56928bec5cc941a5b42a68dce0d186e97
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5ef31106e830080a9274aacc9ee79b8fe
SHA1affcf8af3e5d8a2f4fd470ccd75a7f7b08eafe66
SHA256f71c2b5a589cd2848f79a7c5f21d6a8933fcc7a02faac00588b7f92c67ab95b7
SHA512aa4e7c3541eb5e0586a25c110ef4a82aa7adb204b455f9e541a532eb1351e4ede99ef4e1cc73f3294335cc3a53d8d7b2c6c12980acf67aab4c97906515e2284e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD53e5b69ba0bc6244d15d6b1ad7ca38e61
SHA12fdb5f29c7b8d8ac808fb06e0b5c70a2e57b0506
SHA256090629296d3927e049725f771aecbb41721630f20950a7052406e062415624c7
SHA512fdc723866ab99b470d755f849d41ba0e4e8eefd5e0af428d5f73adcc31fe560d7063a37b103ea515ffb94834b4063103db0122331794a21e9ea1ea854306cc3c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD589c2ea12611570b24a084f7ae3d01541
SHA1b00e2651fb5b3b9183c38618bd6761bd8cb936be
SHA2567c9b4a70aa27cb659e736287a65d62bfc3cea64a8d8ae6d45f6e5507e4b4af7e
SHA512f73a96efeb42796935cc4e59741534099cc07b2392b8b1ebaf9ac756814e12ef92fca71bf2192ed152e99434afe5e8107d977bfb3f00e548ee837009f03fd3f8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD560186eb1d9e2351ce6f133a569e4cb91
SHA1ccf6bbc2d6130afbaed37308128bc7034d8a950b
SHA256c8c1a5efd4526066397b994457984ebb71c47029709c0b268ada6fc3717458cc
SHA5124e5b564da4a27f7818b3a950adc8226713f39ac94ba1a731381e9ae08e666755ad4a6a8412b58b2bd67e2433f62fb299f34a57c446d608ab01e7a4b6372e8505
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD533cbb111e6f3ec4acdd00ead5a6634dd
SHA12c803732f1491a7dfc1c86e4b1a816d850ee496a
SHA2560227a9a3fce3c0dc59b102e8aa30c21aaac80c0f6e874cbbf6d830ede4d0874e
SHA512b1deeacdaf1bdf7bfb85415e625971dcf8be8e1b5297568f35e2bb69abb4d6901db895be3f3fdf60bb9e24dbdcab02adafdcbce965a797a36ee4c854e993afc9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5922a2bea592f22589a0f0cb6228683fd
SHA1128a406476929d4d098ae4c3f6a43d136367eed8
SHA2561a09db4b092bfbef742629871ac58bd2f7426aefa88fb34ba497e76bd28fd86a
SHA5127516ac8c69fe69186ecda6501e7587ff3178a46bddc0d3fbcecc39500f83f0203c31862dc2c4c16a7de1e0369e902ff3c343bbec54da72e908f5ee348e50470a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5de7826293895807aa94a229cff7af436
SHA1e9da533a94e752c024d439a9ab84a91288f8223d
SHA256bab2c0e43ca6185bd1c4b51686dd20a54a8e48a57a0d210c030859f53e4edeef
SHA512471b07066a8b39b060b9357942ac0bdce871cf13636267b9aefb2cb15bc4fa0b119eaa941f0db3f6e51dbe2eb3541419c1573bb67d4ee186f0cbfb24e6d176de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD526c24d3fe5dc4dcbe48acba506723998
SHA1193bbc9bf7ebdd97e81a625048f3331f0f74ebc9
SHA25615221f8cc50f7d7ae0b3a6a4413ed4f332c4fb40adc6b6c5a8974b572c05dbcf
SHA51273be723ea4c49d00f09796ce4faa512f9498849bdd081cbc1dc114c8c758d6688f064f14b8b40e2f057b75c7f9aeac79e96e2ba1707319e45e4f41a43d6b2461
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD55404e6969ae60e2d99b6dd2155e46120
SHA16ee031fcd55c18a2c49224905d48ad0c34f2f347
SHA25602b527882337ac4baaa2c8e8a7c18634370facf2672cbc062bf9cbaf7de1d29e
SHA51227bc9cd65622f10c8afe57ed3a7fb022198fad085f1f491a005b0b1312e4d06bc9e7a1a59c6229da05f144778745212eade19c93f9a174129120bb041fa32179
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5b79d652368a0aac66a0a92e9daecf856
SHA16ea32c9c1909598ece5e62b2e2792ddc7c1b050f
SHA25688347a81c498fbc0e0aa1b206d639b81709344cf60134d11f576cf17ee470772
SHA5126449d3a2b42ff813e1a005891b39991304fddd1e5e47ecd20cc13ebc8a77d01b2fb7e66275e6680566f4e62fc312a2ceee1e1c1c7369f17217411c3f2100003f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5e00f5c31edce44103bb3b33a4a542eb8
SHA1e2227d2f6fa26576f882e9f0dd34548bc21bd54c
SHA256e5e0f4154f1af4cc8b95e4ed5d96c51e2a118958505a9f86fd35863a33ff87ea
SHA5120b021c088b474c7d3da0e52a3e4fb2c3e21a64373b3eb0270ae21734a964bc71bf1f301db56f88812692a502c936b2f31455502b6b41c5718b45991baa2e24f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5a98a8ce8414e6abff157bf1e5e62789c
SHA1fbf9c814788cf25fb28ccaee6e326c9f3509a6a3
SHA25665e4b322a80b2156857ddb2f8f243bb229ffe6045c65cad79164e63b95c055e8
SHA512ff8690b8be9fc6bbfa6139ef7c1e54b15df5d272db0c7584eef6b3efd4146a3ea0a8ceabd486fad77ae00f0e6cd586532235dd61b38cf3762bca56463962eb6a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD59fcfa42d580a9433add5ceb7365ba621
SHA1cb42163b537dd91e0c955f66fd5d4d8208de3cc2
SHA2567d3542719bd23814e1546d251b313768ceb5750be9b97bbf114f8f641167d013
SHA5124ab693a2863fa72d2de0fcf8318a47f4d996b5931ca5862e981f82a49b36e11a753cbec687e363143b27f60c3942f3f9bb7630558ed7e334b72ecf4a0064c2b2
-
C:\Users\Admin\AppData\Local\Temp\CabFA86.tmpFilesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\Local\Temp\TarFAD9.tmpFilesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
memory/1612-2-0x0000000000230000-0x0000000000231000-memory.dmpFilesize
4KB
-
memory/1612-0-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/1612-1-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/1612-4-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB
-
memory/2888-6-0x0000000000230000-0x0000000000231000-memory.dmpFilesize
4KB
-
memory/2888-9-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB
-
memory/2888-11-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB