Analysis
-
max time kernel
118s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
01-06-2024 11:31
General
-
Target
d523546025b845dcfcbd8ce8e0d5a52366a3303fa8d7d8046e5319845cac8a2c.exe
-
Size
1.8MB
-
MD5
ab87070c931dcb7a84edc25cba2477e9
-
SHA1
c16dbe72b4976d1671be7da68a16fb85868437d9
-
SHA256
d523546025b845dcfcbd8ce8e0d5a52366a3303fa8d7d8046e5319845cac8a2c
-
SHA512
2f291823463d381ebd39ac1c528c52785eeb51df367c32cd5d691230503608478b339ffda466e7392e1f8f73acca250b470896bf43703c0f5074dd594ac4d189
-
SSDEEP
24576:/3vLRdVhZBK8NogWYO09QOGi9JxHJR4tlF7EOcJPbB7NY5S6ezjwC/hR:/3d5ZQ1sxJlJRWqPF7NN/
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
1.15.12.73:4567
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Drops file in Drivers directory 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d523546025b845dcfcbd8ce8e0d5a52366a3303fa8d7d8046e5319845cac8a2c.exe"C:\Users\Admin\AppData\Local\Temp\d523546025b845dcfcbd8ce8e0d5a52366a3303fa8d7d8046e5319845cac8a2c.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\d523546025b845dcfcbd8ce8e0d5a52366a3303fa8d7d8046e5319845cac8a2c.exe"C:\Users\Admin\AppData\Local\Temp\d523546025b845dcfcbd8ce8e0d5a52366a3303fa8d7d8046e5319845cac8a2c.exe" Admin2⤵
- Drops file in Drivers directory
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD506ad48383e3c14f7cd79356cb16aaa87
SHA10e137e4a6cd8b1eb2deeac298365e344fa489ff2
SHA256497d639f8fc97940be183f7bc75362d1fb55828cc40f8eb80c57df36650f3031
SHA512db1f29ddb57d86b4f3903397270debc3e460ee3573357c4b5589cdf9c360b744546e49c9a93f665f9aa02e1cd9f5726a15901bdd37a9890c5c9996ea56fd4d56
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5da4fed3cf49216a1d5c2892427e6c5d4
SHA122ebf34c091c4da1558297d6cb4fd418b38cc801
SHA2567a985728d53c02bf93d256461eb9522c1fe3e86747d039ad0c362cf40024dcc7
SHA5127028646df20807f20a62d7c526326d42665f04834e4c067eb33fa08af81a462f1fe1ba8f6bf097d5f27ebe24b35a55acf07c792d64b0cd87754456f4882fbcad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD50a44450c561da5a73e4b830d4cb9a4a3
SHA114eef298a9706e5cdd3d53b48bf464cc9403189c
SHA256fd8e3fef15a355338da51b0093c6608f7d801d8c5644fcda3ab0114f860dcce2
SHA512b6f9f4c43c1821f742bc02bf801c30e57d9f649c0979f6fd5e41dc6d9a5c2745e90e4fa2f8be08812857ed927cefef90ba2b935848b96265bc513c98da6b853c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5c799cd3a28ef1eb21decd8a2d2cd74fe
SHA1f88fbf76032ea034a3508f87a600b1cdfc329d42
SHA25650cc998a25b7d49bec8635a30c1aa5c74dc69a08bca664393e88e548a5273ca9
SHA512e99e32a9e6b342457e38d2e36fb0d8e6d9bcc69126bb44c6e7001b1e108c9b37c3db0e44137912d7926a72809bed00d2d66c2a9ec5523c23e6ddf3bf309a851a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD558148fb4c0431d6720cc73ec291cd174
SHA15dbe806073338d01240efbdb3973a8c9db0713a5
SHA2564e5f4684bc26d61ed142427ca7560fd97228f632042fba81338abe3301914c6c
SHA5121061e5a0841720e623a5f32f3759ac90848ddb7c01fe35a6f98656f19de5540c874089461ecb578d678c10ce44a4275ed56a57ccd8b5f80dc0bfe58919bcdf6b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD54c8578cb4877d5e49b421281a332f6bd
SHA1e5b955bfe1f6bf2bc31a3d3a147ec3b1dffa32cf
SHA256d2b66bed9995ff5c8d7e7e54fce6ccb4bc00a4dfac5324b27e89ac5244e15c91
SHA5121315c548e43e38930af819b55e31f8802bacb8fcc5da7d80834f44f5393ab5ec95b3fb4e2969e88129846b25bb0626582018421ff9e3ad30f35fc3057c007c85
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5be257f019c7625bcfd96711b1d03214b
SHA1f8c3c51281c00efc21940a6a0392f0240b565442
SHA256e33816662fac8064c29d4b6120627f2935bcee396822c0b3502914de799024ed
SHA512bc1e1d46e56cfd833e058688ee209b47a5f6956a712be01d87787d39aa0164a220d79f4d49c3aace2dd000baed7a937491f591a1a06aec2b3bd1f289a872846e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD52bfa4b1f6b496c79e0230daff0810d5b
SHA1d5a83d86131927a62a8e259d3b1e7fd1ffbfe9f6
SHA2563c78116155782d9b78e0b4523dad82b5866bff0eabd9b4c4de4c94554cce93ff
SHA51238c70a6af97b7949ec882a4c5a134ff7473e87fdd3dbcffa08bc798169f8bd2c2bead8f3c35bd35743be0bb289f88950d35d6e932b00a70253491a83f39dd02b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD50aed1c57e21698bfc3bb0c97214d8877
SHA1df69bbcbd668533e81e87a9e3cfbd651b2b3a8f4
SHA2563cc0bc395d50780a2226361d2c0f206088d155e4c83f78851501df475cd1b36a
SHA5129d3397e5d64884a10e17a21ba00259111ac78cf27311dcb99cd16b0fa42e79514b859283eb475386c4017e9f326e07e543f731ecd4296dcb3b828397953c11d5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD55dbf087650405beca8bdf460b5f96786
SHA198cbcca88eab50ad2ec64bd80d749294ab8c0254
SHA2566e9323e8404e5965fcfeac3ebc5fe8118fddd42487b3eff15eb276da2f77baea
SHA512eb0375979fcbfdc488cccf0eb8146d38ca8804e6a310accc8c4ca8b4790d948a1bd9f1797260184fa05fc5c0358308f30301de175ad7a3de356589144e55e4f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5120dc8cc4ec1647e225fc870ad2b1591
SHA1e4bb5cac84cfa697a8d8d06788d68f9b027e466e
SHA2565a9645131b39a61b082db8d4183905aaa8274cef555169a59539cff5b7544e51
SHA5126aac783929840f2dd8c7544765ff16aaa24646dcc1141273b42843e3445873fe80f3cfd4222fb4719e7d4d4ba6e823815e56bda0ce5dc5305145576d80d294f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD53006a8eaf0a98597ffa5757b486bdaa0
SHA18e1bbf3f1f68672544479ceaefefdda82090b24d
SHA256467158ab94b20cf039b3020bababdbe31d87fdabda98969fb7f38454e63c1a62
SHA51232e3466d85842dc3ca52a810b56e6e9678b117de65f6214b6ceb18127c5f4a30057e60755172df36d43ee2545ce32fd0da1e0ca6910ea91ea257cea5ec332bd0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5fb52260c43fd566c98ee235d54c1942f
SHA13609f43741f313d1c99a3f0efa6fc04160798de4
SHA256ac1f2d66d273eee8364cd8dde24b9df2efd036eccc96f6c9559d18ac98fa3a92
SHA5120024f7b452b2ef5b5f6d6268dd0e52ded6342fb16e70b32491f01c88b620ee4c1aadf13a917e788acc5865172b4232e8f4a2702cec700b4259bcb59c7d6ac810
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5afc9fee236c0ee62fc83b53243919ca8
SHA1ae476eed96ca1fc7e2688ef93492d52b49d99a53
SHA256271315203272199a16e2ced44a55fc2752f8aade8d2bd2126f27b115438e8ebc
SHA512499be70d205d2f582333e86e475e6c4f17fe96f104bd957a819e7c27f35befaf1781b2715741c08bd02fb115c8dfa5c2eb2f2456b7f37f1ec7aaa3022db37375
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5de77e6a440fa53c98c256b2f2de9b494
SHA1930b1cca67c63a4770955d822c1d880a9a6f987b
SHA2568571d079c68b68efb8642aaee9cc3a68ff67cd20dad1a7542dea71688c865a56
SHA512ce51b97956bbb5b16973eefa203d068c0250d9c0c399ac65fb291c793cf2df6ab769acca06fcb89bd01fc90a2faafc1fa93c8927075d46c2cb74e2b4fb4dc8bd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5d2c5612bca323967f7d9b7765ae064cb
SHA1ffd2c3bc89d38eedb95748995741bb4d55ecdfab
SHA2563f110d29f4e799e2465914cd23869395687ee7a5507c7b45887d52f06fbdf0c0
SHA512c44644378f8d598b525a62c9197ae81b219c7c4d04276babacaa6ba81bcfbc66052a6114958499a423cfab775a9d5c791b4f7790fe624aededf634e1420295b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5cdc991270094a98e8e1347215d1e873f
SHA1230b4aee9fda96e1aef65e46f91a485c254fdc6f
SHA256f3f2f8c954faa1f45c4a906c185a16ff8ed84fc2fdae9c4a52c5e81119fa44f8
SHA512c9d0c27de62274c2dc0f2f91a63ef00fafe65340a63336b636698ff841481ffa32c1550ea9dd18cffb728dcda3442f46c6d4dd6a86c73097702040874ae1c89c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5c1f08dcbe1bcf5c3c86151ec102d994e
SHA120b241aafad93801be7c46864859631a6f424699
SHA256ef6affde92dbaf8223e1a7a02e9df0db0361ae1ecf0896b41aa9f19d14831969
SHA51275649e0d181818dab61ea5ca95da029d3765aef9226bbb6a861d6a7b5e003947495488c1b1ce494f64076de466d5681c142c98f4d42673a25f001a3d2d98f7d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5c7c703efeda2759ed7ded0c650b4900c
SHA13440713f447325f41cb7b6aac8f39cb03c3e30cc
SHA25640f5acac5a561c1bbbaf226f54a83aab5e0c8f87202c4c628f54b01fe0c59c1d
SHA5125226b78bb00ac7e16818ca763ab239dfa9757ca9c5e4d7ad39546279050a60ddb744e89a7ad27e96998f4cf2588a3860bb325386b316647baa69d584ea1182f0
-
C:\Users\Admin\AppData\Local\Temp\Cab1565.tmpFilesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\Local\Temp\Tar15FB.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
memory/2452-9-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB
-
memory/2452-6-0x0000000000270000-0x0000000000271000-memory.dmpFilesize
4KB
-
memory/2452-11-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB
-
memory/3056-0-0x00000000001B0000-0x00000000001B1000-memory.dmpFilesize
4KB
-
memory/3056-1-0x00000000001B0000-0x00000000001B1000-memory.dmpFilesize
4KB
-
memory/3056-2-0x0000000000280000-0x0000000000281000-memory.dmpFilesize
4KB
-
memory/3056-4-0x0000000000400000-0x00000000005E5000-memory.dmpFilesize
1.9MB