Overview

overview

10

Static

static

3

26d2e5fe22...d4.exe

windows7-x64

10

26d2e5fe22...d4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 06:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26d2e5fe22606c4bbaf349fc01cd47b8cadca7f25cc4938aa695761c009380d4.exe

  • Size

    1.8MB

  • MD5

    5be1c8d0790b735d1545984386d5815e

  • SHA1

    8cd41a99376903b5a80229412e7613c6058481fc

  • SHA256

    26d2e5fe22606c4bbaf349fc01cd47b8cadca7f25cc4938aa695761c009380d4

  • SHA512

    357de79c81693860fdb12fbea737ee06cc50337b0e44c99e255d1d0bb1b4e5bc597a32d6d64a6ffea64d0868a5d9d33e0f3fbb777205c5d202a7c551ce817e6c

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO090OGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1YxJIiW0MbQxA

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26d2e5fe22606c4bbaf349fc01cd47b8cadca7f25cc4938aa695761c009380d4.exe
    "C:\Users\Admin\AppData\Local\Temp\26d2e5fe22606c4bbaf349fc01cd47b8cadca7f25cc4938aa695761c009380d4.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Users\Admin\AppData\Local\Temp\26d2e5fe22606c4bbaf349fc01cd47b8cadca7f25cc4938aa695761c009380d4.exe
      "C:\Users\Admin\AppData\Local\Temp\26d2e5fe22606c4bbaf349fc01cd47b8cadca7f25cc4938aa695761c009380d4.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2516
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2588
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2496

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0262d9e70a430f92a7a7a6a16a9c48dd

    SHA1

    a7928ff0083394bbce9c79b4b969cfc6bd6f8a11

    SHA256

    3a96570cb219fec7ff08b13e0e5be8e1cc1cc9f2f63ce9d1e35f33727c51fe29

    SHA512

    985c235d517172cf6c37a4a57c3a706cefded197e76e1fbd6a680b6bcaad384d48d733baf7992717441845ed537a624266dc39993acb4ff97f6a379f79dc2f5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42e8fea75cca2cb8ab362bc0b29b9362

    SHA1

    5b4ffa8902e7f338fe062a823a905ed1d6ddc867

    SHA256

    a743841cef4351eb71014bf8d8624a6e09ae06073d88b8ebac697fcbaec43892

    SHA512

    530a529d9219977b9f2276856cb9211c995721e10d3bd25dcfec564f154ba6d950d52caec752e06d78b5e67f2fe5117cd74d526db6851b9f7dc9318b4996ef21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e866b2a07fbc73a25de3c317228aaa0f

    SHA1

    644dda994a0f8f84b4af425b72217661d0a1e741

    SHA256

    1cb6f4b93e27702f90dc6bd551e518ef2c2950d262d59abd655c6e0b3fc5a00c

    SHA512

    487369a9b9f165f0353c59d9b09b07fbe3b4d98bdcf498fb4ac803cc2ef80156013273c95deaad01c90e6363159880924879976ea31044ba8867818af403a874

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9abfa8443cf31404d94b5d63420bc47b

    SHA1

    94fa30e824be725306bcf78efbe8f11a29a3ca42

    SHA256

    49b0790ddee55650c2e45ac9241fcb3034f0081c407b752a51124a024c3fc824

    SHA512

    3090e556aff987332d8a996c6eefa566c235a13a735e3ad17516664a985075d8c9ee69895a5e52dcba38ad2692d678c4d4f5fc114f4aada1793da7462aca7da2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    942456c9f801956e4fb4337a8fb31a60

    SHA1

    3f9e4350cb588f17fa4a06b8df2c882424509c76

    SHA256

    4c1c2373e53d27269bae0648dddca06871b07c70e7d3f479b154c9213e93b6ef

    SHA512

    53e09b783e43c551d992a9eded16d7e0393ab77ee43e9e4fcebbfc07d2054597d5cb9f83df9a9e9ccc135fcaaa8017c67119b1cf64be45c2dcf1f7b55aff0f71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c83f42add75b459bb9d748a777322dc1

    SHA1

    83ba716c0fb89eea0844802e85cf1acec10804b4

    SHA256

    881c68adcac2b8b6747e82d2eb4ef78944b2d012274ced7c684b34c10f513604

    SHA512

    778eda8b2bd241c362eec83762275886ea782348108cc8930d05e172a44bfa2eae28fd54816e2094d08a6881a7fc32d24a563785b7b9cdc101b8aa9b4165b478

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ca0807b31442cc6b31141c4bf5f41501

    SHA1

    d341e0428108581a4f0476a475515f918d3db4f3

    SHA256

    9cf8bb15c78a155eeb7ed99e8c7a9558b42ecc92ca29476baf7e98982b56bf8b

    SHA512

    c4ebf0c5c90b39a44f3df0a62cda5368d87de9062c056690f25662a042189e1f9afb8d11955ea5be267fd4fa1a4c4dce930a8eb72ed2a0039d6f768a952fa882

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    df944e36948f4023ed79847c147313ce

    SHA1

    d3652df3adcc300ceee322dd72f0a70bc1c13552

    SHA256

    a1e646d2e9d6a012d08922fda5d89a96d4136b601a2c3f5b399137760f77991a

    SHA512

    e463ab918ff113e65caf7ecf766a4193cd78ca5311eae680fa2c07674dc52f5fba5cbda63a6be66d34943d4c844958e2e2643b53d4000f858db88c835ab4e4c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a73266392d2c37060f61152364a9c845

    SHA1

    b2e4e57cdbc07ee1b5816228228bfa9fe18cc8e9

    SHA256

    caf590f50dc27525be45c3e902a1c36e0f82238feedd85aa546b3cf00a1b5813

    SHA512

    5ea3b8688b9de0500b95df57ab3fdf4ec779007604c6b2ecc9abdae920c64361604b8a77d57e2be83784457dd8464a9fd8c63288927da86a1f123a21bc45accf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5c20a58c57cb9df56983af204a4af2fb

    SHA1

    1195b8fac89f2b3a173800e088633017f19a41f8

    SHA256

    44c8366d11d814f1f89cbd3612e0a3eaf7da5f6dcb129b778e035eef3d023809

    SHA512

    61ebb68e5b8be7fad4dc13bb0729bd711a0cfebf086e95ce640128e25fba1f757a98446fdecb8c3f39c057403a4a77b28555b9973aabb3929d2fd2fc94a87b59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ccfe53e37bfbbb3f5753532adf2d207c

    SHA1

    a9412bb84f60458fb6ccfa32ad8fcbd44f8cf778

    SHA256

    1aff19734f71f7d456726ae173d7611367acfe4ab46170527d77365240e2bcb2

    SHA512

    a1cfe743cdee7b63b3a36866742187aac6fb411ca9dc23a840aa72732a76e2e8197099576e88a107daf737469e8310e46cde132b43a1237f2d27e7e518145aa6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b333d639b48e3aea3baf9c7f3bcbf617

    SHA1

    6121bad62111ecb72709d4ee6746a2ac59a994a0

    SHA256

    3bf804ae557e0ff430adaa3d8be048cc6b86a67450b25b337265ef8a256b6e1c

    SHA512

    1a8d4f8b43dcf96352800b2b6fc498fea8a0d7cb9c89879b90fe2cdc4cd1e81d4b44b39e1f57aba5bb99bec3ac19d3e6b27ea8a95d45558103b7878fb28732b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4f3fa00b3bc29a3245d8f197e2e375cb

    SHA1

    497c6c84f64abe9322cc83d2afcd39bf6fd33234

    SHA256

    6fb4dd379df7df2b698eae67e0a49533f442a2c891ef7c02b665efd566aa89aa

    SHA512

    601111f56af275de50a1f8e8506be3aa5e9158496c4ef7355f61cddbc7bef89aafadcd8697e072463111b0b2d20d9f51dd4b4e2551317c4f3870a5752994a54b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    28654b615fedcfc2a8d06abbb6c59223

    SHA1

    6431e6ba73de262e538cbd376c83954ff6fbad3a

    SHA256

    0b816bb23b259629e87861e6cf40cc41e0d8a48ac3b9aa18d947c606bd718e07

    SHA512

    0f8eb0cff0b6f8295e8de86eb4386f8fe4c34a54ff33e936cf884edb7292d21769f44f04666feaede5c15e08aa731868e3f709f039eeab250ea523a4fc52c5b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c56206716fec35c73e55438a734e3c67

    SHA1

    6f06276f4c8cc41f11949ec394019c526273cf4d

    SHA256

    0b67e8c48dac29f68522aec5642a402c4dff05a279283ac1c2cd9a63eabf3ae7

    SHA512

    9334f2ae9f3fd8be08728805a302b9b5a0d86132ee0a14e117f84a38f0211585aed12d97b484cf4f02f0b3c0c22cd006e8bb2c83686f142b3ea97a0b0a58561c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    004f74231c9a5947b7ba06d68631ec2c

    SHA1

    eb44fd538091094549555cfad581160850546dc7

    SHA256

    8f83128c0bf9fd9b9c212f0e4c8e5ac3e92c969fd4eff4b0aad17b4aecd51375

    SHA512

    235a7f06613e0d31bd5e06582853c5ea0c9c2b965091467596e1c93802bfb413bfab6fd47bb9369491a876fc99e70180807748602f4192f4fb8cd45888eb3b2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    68109873f2ee04e6336d1ac406ee5a05

    SHA1

    42cfe6571502c2855792d4d631ed74c08627ce3e

    SHA256

    32435e2c5961f84bf4badc0c15fded25f0b186e02a2f6ca173f2134849a0d3d8

    SHA512

    ad62925d1f0576a56297c8fc067eee998e432fdb91c98b76e6950de3a0d125b68a3d037083579e0e5f27e346d13bbaf6a0060df688a2457eae325ee49bb35e8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1bd6ae5ba85acb52cbd1a0717a368492

    SHA1

    66b9771972e610cb2d9a8fa9ad1cc4dd61d27efe

    SHA256

    1d0e0970c346bf7ff8ad4bf88902d39f80ba65068aeb25eaf8445c872843c4e9

    SHA512

    be1eb43050c3776ee7ceccd0ae6148e1bbe28484a3f828613911130c6886c6ed502f5992db7ae623dced5b87193a92cb606e9c0fb8561fdcfad2c92818230f31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bb2776d39c0d7e717a0225e743843947

    SHA1

    7478267ffcfb4303ab600d0526d8100efdc2afb3

    SHA256

    0934a90e12133fbb1e3e7a9b68ef4cdfcf943b33d9ac4d285876a8f36edb4aaa

    SHA512

    20e2e7857c255757f18847f53361db1f7bc0c62be8ec91c99d432d01b415981732460a58965b209726a079c2d130a8f098ba869f7619c12e8b21418904d7fcde

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF8A4.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF995.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2516-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2516-6-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2516-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3064-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3064-2-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3064-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3064-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download