Overview

overview

10

Static

static

3

2d5e24a64c...72.exe

windows7-x64

10

2d5e24a64c...72.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-05-2024 06:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d5e24a64ce7641682b03142a206974d85a0e856d41795ee87975c3640f38172.exe

  • Size

    1.8MB

  • MD5

    e76af6c64ad849230a400e5c924deed0

  • SHA1

    c5a2334d329385f4d8e7e38fbe6d974d07511786

  • SHA256

    2d5e24a64ce7641682b03142a206974d85a0e856d41795ee87975c3640f38172

  • SHA512

    805fb98058da7ee4fdbdcafe2ae03805472eacbbdf3663d614d2d767da7ce5c041bed7d0d8e2231b53c24f0afb6a84525f23b8f8fdd4895af607f14f476bd4d8

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO092OGi9JbBodjwC/hR:/3d5ZQ1CxJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d5e24a64ce7641682b03142a206974d85a0e856d41795ee87975c3640f38172.exe
    "C:\Users\Admin\AppData\Local\Temp\2d5e24a64ce7641682b03142a206974d85a0e856d41795ee87975c3640f38172.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Users\Admin\AppData\Local\Temp\2d5e24a64ce7641682b03142a206974d85a0e856d41795ee87975c3640f38172.exe
      "C:\Users\Admin\AppData\Local\Temp\2d5e24a64ce7641682b03142a206974d85a0e856d41795ee87975c3640f38172.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2228
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2632
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2240

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0f94df85d7f9c0590e5724874ddac2ae

    SHA1

    2ecf68cfd647f5557615b0c9dfcfc079e204f0af

    SHA256

    5822e2aa40ffedaec195b87943e4399c99dbf45a33e80f6d18f4296c62488975

    SHA512

    eb31cfd73ba052bb37b4979dedb1f020dd0ffbf2af2121af19a72ad2b679870b819dd2435e7150b333687fa4b0d870d270d5f16d2ee1d80a2fa2862608f600d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2efa21b31dd14601e9f109d6f138c128

    SHA1

    6e9ab94bd03c3b4184f3e81319d6655c54441869

    SHA256

    00eb38e85fb278552635164cf4a309bd98cfa54d2664b92d6182ddfb6226b0e6

    SHA512

    80a2684aa3a32a623b3ee3c58a1153543b8bdeb79e3b0d093a6b75141958b2de88a79f1d07d8807c3f6269fb53eb30cdc8e6917c96334a4ddad1d933bbe72fe1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    75451262e0a2b0af9bd79e8380240d85

    SHA1

    1647ea34823acead72b894844450913ab4b6ad6f

    SHA256

    1e2a5a786110cc934a35c981f5c7d2e500c1e6211add431e5940a29da5032ab4

    SHA512

    ce45b0fc4b8ee5ff9f20e084501fd50ccd19a5132b8ed0b814238e34f510e3aa314d833ef9e6276644c67705ba516b157c32778956dacbff8c2e114f2f81004d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a749daa7ddca935b3cc097e701ea8db6

    SHA1

    fe7975495d30d3e70385dfdd4bfe9f56aae942e5

    SHA256

    3a9643a5298131ec9873574986ada7320fa688a86d3b8cab319e55c8fa81324a

    SHA512

    0face501623fab99d5b1da39a816768094d35aa28a36e86243783af41a1ae2a93bb9ffb5ed64a5f8a32e33f55caca7c890968f2baa46b8a18fb2203fa6d65b68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    57f8bc011cde1078447f123d279460c3

    SHA1

    eb7232a20293bb2e6ceb29011ef6db45f6ec6b03

    SHA256

    868e1303894baf3aa2f45e494e12dd41c3970b9601274b23682765ca9f88f6b7

    SHA512

    f2d42f19b6b02e90e74de85e695925fec3e0772d5147722e9478e076980016c99fda1bb3873ad1dc5a887170b63fc5bf29f48e0675c122ae762878bfb3059580

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f606f4b31681adc3987c4b5224b2930d

    SHA1

    7c654381fd76c54bf1d016efd15dde997fc40cfb

    SHA256

    6dfe2cba370ebeadfe577b5598d16e878a57504086d58379f976b29090bb67a1

    SHA512

    6125560af603f9f0f432978de87bdc6f3ad202b67ee58af1fa3dc8dd0f3c6119b531445055e199b568fd74e387e241bae4da32f9072bf6cebb24fd69560735e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f4ec3e6d1b839f1b9c63eda51dbd653d

    SHA1

    9d8107fdd6460aed97f3949202f79c13b8fe10e8

    SHA256

    53e3568b8d7d5e4887b959c91e7523c515c1d3ce492e125f516f4d5c083cdced

    SHA512

    78d8f8d82c0174d36fadb6577b6ddf3fc179f7906fda1a58e79698ba9a510c3fecf711792aa2b281f783a80c4bbb4dd5d91a3a0665da4462401b80ff61c017c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    829f3493580e427794af89ea532778c9

    SHA1

    c1a6c0e3522a6925e24eb6f5857343b3b19908b8

    SHA256

    8eba3cce8f33f8b31480c3de59d4dc17826a2eccfc2763e92f4b9c58d78c7a84

    SHA512

    401859234f71a0e5db00aa6379ed9b57ae36288f8e3d6663d0695b3340bfd8000ced1a1c604820ce914db661a0ac53d04b71131d28cc7e8049a0eeb5c7528450

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    74417e7a1e9fd3b26c8a4afa796dfc01

    SHA1

    4caa5b9c661e2f4226c0f99739c3bdbd0fc1effc

    SHA256

    ffe9b8c685f8e3ff966020f7db7e4cf659c1bc9eacb0ae13da59a95be1276f82

    SHA512

    935817883b92bf906ea8d2dc1a34691f36aeea23827fbab03e0d54c57413c00bb75d5396c977dc1dfb1410320b75fa4b614555370a9059ee7d8c5b431fac237f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1ae5797c8056455d6f99a17232655ba8

    SHA1

    8027f967e3e55f18032f516c063cf73f6967871f

    SHA256

    2a4231f06c2f530fbcf125ddd3c47b03b9aecc1f629bb6122d3301cad7794bf6

    SHA512

    b6a6e61d5971264cf645be33cf66be69a02cb0ea4962c423b9d4101652b205e4cc27cb1a3453daca0e3ad7f9904bd971ef2f20804aa9741568b17a943e8fd982

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5b1ce1beaf76dff776ad629da0f6be27

    SHA1

    aea1217c34120ee6643ad9ae2fb45412cf7a8227

    SHA256

    299a0709f17bd2cb5e3d4ba81afa55b0c6b2edd293e5bb9ec528409834b3e637

    SHA512

    fa4876d6ed2b3c60c1ac94c056a570173d9cbe3990ea659c60dfec8c734e2335a4225bf124f9c9d09a0d56930475fdd5e9a883d2066522d77ac63da3f2851ea4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6a254e156814a67596090dfaf0e9c958

    SHA1

    986334a2236091e50c92fa8a688991e32cded017

    SHA256

    5174cb012db7ce0c819d9b0b32e6163ceaea9133596bf219c3d99010bba4122c

    SHA512

    5ad3db27c7992f626c9875ee58f2573d3c41e6ab451c6015bd14ca74d9261ca0f75391630893e89a2b5b098d9f076fde57a3794d7c29abc78082a5a6cf589c9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6c62e638d15485a04dc8273075303871

    SHA1

    2b3b673a6bd7f4b4e83ef77c6420876dce995a42

    SHA256

    bed0a2877861b511f2129e59493c2a3112bbcee164141a55e9aa3d45b22997c5

    SHA512

    257905b09c07cefe2bbd73760cdc66ec0a9b059ae967bc57f0d9aac59df7a89ad2e32c6478628fb1ca02e0f89bde31e88945765144aa0012d62e38655cbce97f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    54a5f5a04edefbdb917824d661009e67

    SHA1

    79c76db9c3d4ee2717d41966ca5e4a527414fd6d

    SHA256

    be4b7491a77c35506c15a52bf80366e0e596cb9a1b1ac7ed6f8b318093f0cab4

    SHA512

    fcf25f344244be41cdd4b7f7d3a585fb8216ece6a4d85a6d71b041aa015b098770ddfb14a980601d16e4592efaa81fa8a3604a5ed165fc680be439ad4252fed4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    371c5f50ff2aa0b698ac08cb03d7bb43

    SHA1

    0b0a56ca30abea2c7cc2b9c366a560d8bb5915d2

    SHA256

    7db4a6f5fdd2964742ed366fb2e4cc5ba0fe5ddf24295b62694cff2baf970c0c

    SHA512

    6b16bbde1babd9d1323b1bebf5d34d6c003ed265303a0a631e48589f88bd3bcdc9b8e8d492ca2e5dc374e40f11b9932699cd49c0aa9888b6ca0e692b94ca03bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4d3091fd97499603fb5bf07af0b15210

    SHA1

    c1628e9db5781f4a67cc4c69a9c5407d63c74afc

    SHA256

    da0f3af3dd753cc79ac0d925d1b99e23f4756570519f9bd60ad494b5d7ffb480

    SHA512

    1449fc4e250e7d12d950721b9e85b24a373f9705235b9a62d9f18b520e523be68177c3bc430e1df79b69197f763eda634efaf1be886f897d7c57adc45ac9f6a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    82352409a0d2104c9cd9be88f96b7176

    SHA1

    0e005e76810f7d592ea129232af5c1ed851d739d

    SHA256

    3948d6f1502df90f69b6205c6374d67f240ef2969b20d28fc7a97ebc0dbe8ae2

    SHA512

    c1278de8404cd54d3da016f645e45a67a252ca0cdf2fa36ef8e9e39d72b83063e30e435b8334c3b41f942fb9cb788c508685531cb59ad228907632654bfc865a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0ab557a52a51b3d1baf323458ceaacd2

    SHA1

    7f20720ee358736bf8bf1fa1392f4c93135e003d

    SHA256

    234ff696a29f471b05b024d6d2b639c36017fc4e0d35b7fd2534c048062ab373

    SHA512

    f4756919f13de2404bb08e2addd0303fcd299ce5db87c64793bc826932226fd513986878079816cac67f066dd388ce7be2ec52c911eac5707ebf50aeb3000329

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9cd4fc1373efe20bee3edcef13c3c943

    SHA1

    6d0de2d6454538354c9291ccd0b998a9e6f1ccb7

    SHA256

    31745c66346f7baa27af182137620dc8d4dd892b77888372cd07adfdb9d70e6a

    SHA512

    7e779878e3c2196b430c2fdef93e46f02c621ca0cd91a980decf9b2d26ebabe2bcc54576966d23beb0d833e2f0d8aa975d696d42cf2a7a063620e44bc600d7f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1039.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar110B.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2228-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2228-6-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2228-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2244-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2244-2-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2244-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2244-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download