Overview

overview

10

Static

static

3

04627ec1f1...f5.exe

windows7-x64

10

04627ec1f1...f5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2024, 19:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    04627ec1f1311855778f53157a070b7651fdaf078f9a8c93c93bac8515d761f5.exe

  • Size

    1.8MB

  • MD5

    de3849b36f155f0c6b528f10529e5fc0

  • SHA1

    5c7c3a5a8c626139a0ff7596b5f5aa8b85e104d0

  • SHA256

    04627ec1f1311855778f53157a070b7651fdaf078f9a8c93c93bac8515d761f5

  • SHA512

    01f78615a10482ceb10be9ded0e0287f8b53ac30fa07da2b8ef45a01d4e2410cdd2de04770c00ee124abd54b48feddf5e3c8d38df83a1fc893fd5eb77149fb59

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09aOGi9JbBodjwC/hR:/3d5ZQ1KxJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04627ec1f1311855778f53157a070b7651fdaf078f9a8c93c93bac8515d761f5.exe
    "C:\Users\Admin\AppData\Local\Temp\04627ec1f1311855778f53157a070b7651fdaf078f9a8c93c93bac8515d761f5.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Users\Admin\AppData\Local\Temp\04627ec1f1311855778f53157a070b7651fdaf078f9a8c93c93bac8515d761f5.exe
      "C:\Users\Admin\AppData\Local\Temp\04627ec1f1311855778f53157a070b7651fdaf078f9a8c93c93bac8515d761f5.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2004
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1136
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1136 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2772

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d5483b3e8a16f9bcdaf4d65e3a32d90f

          SHA1

          d7f0cc36b7fcd63885cd9c35ef0a7eaa4040434b

          SHA256

          084bc400eab39805386548f9992293c4241ce1c1ce180ddb83220f7eb08371c2

          SHA512

          845e16ee1c9fb66dfcee28fd716a0de2c8ab116d12cec2a0d39e1baeed45ac688be88147e142d098fbf3e69375b4176122a28e976d64914a2e6b25677cd541aa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4806c6b4cf71385e9d8aac731cc5b67b

          SHA1

          fe2d8e3f65d06213b1fe9ca1021c0e9ce4f8112b

          SHA256

          34bf736bf3a7e938319aa1a6885f96947d19f99060ca1847df9751c7a56fe722

          SHA512

          f0316277813efa281ab7bd41c5832a57a110e6c5210ea320c3fbd2cb73441609602b16a73bbfaea7003e8ceab3507ffd2a42b59fdbf66054e9a1e6add6638898

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c14c5ca2a4248fb9a1b00cd30129da01

          SHA1

          c3f33502dc7320aaaee74a2436d143e509b98a7c

          SHA256

          3e43e5d5faa047dafcee2ef4a310a9855fad9c3a03223bdadeb3d5a106463daf

          SHA512

          705804ea4a563ada1c898a688e90cd2ead764fa90b9b261cf35ec4304a0f7e4841de6b9de3b5a797a50759f99f25a5cddb77a5d87847a14ddb8e69b07f52ebf9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f5cd9f98357edcfe6e080a6c0d6ada45

          SHA1

          78b37c8607f0527ee1395c58082da550a144a676

          SHA256

          ad5c46f873dc523f99bdda0a1e8dd1d8aae60968bad58566573ded710281c0a2

          SHA512

          b217ce9b0ee5862472b8172a18736d5b1a01ddc999a003ae84f02df559087596be57e5b19282fd11f261196dc776137dad23affa2aeae53e200d4f41fa08fc49

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9dc526759fad7e1d8924a33671898e78

          SHA1

          491436979ac4bb5c5e542bd63028eeff4537560d

          SHA256

          e38ee4a4630e94b9cf46c4234072252b3af06cab040e9c1824fa34a68ba8b47f

          SHA512

          c270cdf8a9fb1720609e75ebe19f2c02019b1a238ca0a47e817dd12a5cd1b3e1af1f25d74e55505a6669e0cbf45e6bd53e6d6e2ad8d18c62612d5dad565c2a39

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d5a2a114e9d26a14c62596c853f1acc5

          SHA1

          0613acda2c6a337cbc7e06f7b4af86e6520bd323

          SHA256

          8a1ee341bc2d7047a7d5704925bbff1fcb5aae383244870e3309517ec08bdc19

          SHA512

          265e2c3f0ee9ae03a5bc570e5e6ea7b1c9280f8793acef30a59ee678f1bc310f2c2472d5571cedb0ec8a03c3654422f70865d34cd4e53a3c9407bc356f63ed89

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d77011e3ce6367ea997cad70dcc7f870

          SHA1

          d1462b50028a3ef4d4a9a1244cb06d8e2e73737f

          SHA256

          ece7b66f0decc70bffa9277b644f9ac16df3dcc975332cdb1ebd20330141ab2c

          SHA512

          c3772501536e925163d74c9005f2021a6e4879ec375e134a48b4d0af810e762a34b4c099bb2b2349e1c9310ce7b7ee4bd2d17aa1e7b2670024c3a62688215c39

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c886742c0ba45915b78cb832df6f1566

          SHA1

          39012d9b1b4efcf8697d6287bfc2a20cd88411a0

          SHA256

          cecc82133b806a0f1f277c4c8029a059c8ecca7b8894e92e4ef83dca95dc6e59

          SHA512

          fc6aa09fc998f912b77e0d773d60dc373d40602a7954cd6f0f91d9a34058d1da6105ee8696cd11bf73ab810847f945292a7b6bb79b72e46b9be534fffbb9165a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d7ae8f2147bd6068924e9cefe2ba05c8

          SHA1

          eab73f0bd0aaed4059383a51b9fce283923a3f62

          SHA256

          7bc260b7314673dc0cc767611570f01c70b6c4ba4367e5ec9e72da283d51e930

          SHA512

          b8d5811f410d94305509dc571c8edc2dc30f7de51c5db97fcd69bd3d77c01f4c7cb8bfaccc75b4936f637e19a129a0a78473f1a92858ba7a2b1130abe92c7c79

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          40c280268db8d6d4f6100e1094e10130

          SHA1

          7a6afc6eef6a993cf4a0737481e67860bf09ca73

          SHA256

          26dbf6fb1a7c7948fae21e46bc5451b91164c7b5ea67cd134a5aaeeb9c2be424

          SHA512

          0e25627163608dfe3567f6299fb4d44b3953d915808cd350257db94e05a480e27fb152ae9c6819df827a1660ead43602319bcca2541f1c37c63f9062ee66de7b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bfb888464dfed285dd2c2d6b1151aad2

          SHA1

          3442de238ae8dbb14f2c6ae61e09211f58b9ad47

          SHA256

          018a80aa89d02674fe79c7d61090f08413b56923b200ed86633625af859fbb23

          SHA512

          cd73c5edc3f199eaddb60d7661a4dcfaba8c385be86cf0a09c9e5c3ea8528457c749cc0acf533541f993febc8c43e37552b561be744a422ee4206c7300b76f18

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          359522174b57e11043760b6aba94c348

          SHA1

          70ceeed71e218e2d9e81d657e29e4972bb1bbc54

          SHA256

          865c9b7aed13b0e01d4aa7bf4466f7022563791aca06f56957ed3aea8b0c03d6

          SHA512

          fe041906654bb074bfc8de7e47a2c847094b83571a505fff043fd6fe160f56b0f704be3870a573ae33e66db362f3d477d3514745fb1b06c7f1a7fd0941cacc7b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d36159ba4f0b72428353a63d0d62c23b

          SHA1

          93a530850f528e27e0261129697d349153c81dc6

          SHA256

          ac14a58ab89a02026530a1d9f3e43c679ea21e7ebef52b5e722862d8e81c22d1

          SHA512

          0ca282ebd723fe4158d4018b71fded1072928de44629dd0538752175df63fa15c9c4cf17e7b285ae2b6b47f9a403d83b400e1cf6d98f8d6f59a6897254d0b866

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6c5ff7a640ee2b1a7714130f4e8e581e

          SHA1

          0e446b0b1e1e994824dc932b277cee204db89787

          SHA256

          187664d3538ea3d65584d561c38d2f1c42412e36690d2174a6c26c4da857dd18

          SHA512

          d5b43d8330bd9aeaaad2e05eeaa8779917d5f7723b0f970b891cfe610ee4d86b4751ab79ddc216b0a0c035d76be8cfbdd7fc175aca9af5fcdd662c5f041d5928

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          59af119f2513d8b5afb43c37efeecec1

          SHA1

          79b02ae15829a4499666e9c05634bf335cd659a1

          SHA256

          2fa7cbba7581752af71fb585350d85547c3da1a88bc31c852c64db14cf857c9c

          SHA512

          ea3fe6256fdc223131b9601c524201e26fe88006b81271dee48ec70997894152b86b75ff16ee61d62c9393a348c8b333ef5a0cfcea1565fc4a1ec152d976d617

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          59f314e7da01a7f7755c1c84b8124a83

          SHA1

          5e00289fc7fa45baedfef6bf199a6d191b175377

          SHA256

          8606cd5a8089abd013e42431276758b78589a7b9d49896d769c680a2520095b8

          SHA512

          271cbb79028f23913266494a50f29c4da2266edca66b7cfe7e68f8de150bcfb24742ec2d568557f4662ca5dd4dafed8492b2ca31dd107217656075d69b92d326

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f92fc2ebbb427666130363b9bbce300f

          SHA1

          8b238d0e10b4fa32717d948f300f89d84836be27

          SHA256

          0ccbbf3b1ecb68f2a23cde527db853f1d7db83b59d5e9916d4c6ce9d0f692917

          SHA512

          f3fb09d7729b68ca1eb2ced24d0f46cc517b0d3eb6694875771ae2c53a603635c491e724070004511f7b2823f9570c772316f36986af4560bc064e005012b358

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          47f52221870ab7bc26888d35753e54f8

          SHA1

          53be6ad6b8a571e109568af61b895e29550074a3

          SHA256

          d027c4189a8bdbc18d05bcbd08601b341a27d547742447a487a04c9927cb8554

          SHA512

          86998e60f5cc7f494a1937885dba8e4970f539c23825ebe2cb740a6bc7c3e58d8eeb55712a1b9b3f0df7755af5e2551506df2e000fa776e87fad8011c8fab69c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab936C.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar93DD.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/1724-1-0x0000000000300000-0x0000000000301000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1724-0-0x0000000000300000-0x0000000000301000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1724-2-0x0000000000310000-0x0000000000311000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1724-4-0x0000000000400000-0x00000000005E5000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2004-6-0x0000000000270000-0x0000000000271000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2004-9-0x0000000000400000-0x00000000005E5000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2004-11-0x0000000000400000-0x00000000005E5000-memory.dmp

          Filesize

          1.9MB

          Download