Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-09-2024 21:02

General

  • Target

    f75f1a3823e65508cd6910bedb971ce10dec903bdf36d8f999eaf97f8058587c.exe

  • Size

    1.8MB

  • MD5

    2eb6e4524259c855508b55afc99d767c

  • SHA1

    f52f9227f9db7e062cb813a9a2fbe21d04087cca

  • SHA256

    f75f1a3823e65508cd6910bedb971ce10dec903bdf36d8f999eaf97f8058587c

  • SHA512

    36ab3041ad3c71b636bfa126751a60ed84f07664edca7b66768f77f112bbd3fe02e94ec92fe76386bfd903fe77ab0ddc00411b4aed02d79466d1f9c4d8d626d5

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09IOGi9J6IAw7V57BfR27oJZuS1tkxdba8GuV6jwC/hR:/3d5ZQ1ExJ77Bfo7uZn1Sva8GuV0

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f75f1a3823e65508cd6910bedb971ce10dec903bdf36d8f999eaf97f8058587c.exe
    "C:\Users\Admin\AppData\Local\Temp\f75f1a3823e65508cd6910bedb971ce10dec903bdf36d8f999eaf97f8058587c.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Users\Admin\AppData\Local\Temp\f75f1a3823e65508cd6910bedb971ce10dec903bdf36d8f999eaf97f8058587c.exe
      "C:\Users\Admin\AppData\Local\Temp\f75f1a3823e65508cd6910bedb971ce10dec903bdf36d8f999eaf97f8058587c.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2732
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2740

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    53aa1566a1c6a15d0b93aef499709897

    SHA1

    6cfa85bdcedb5bc399eb4733eda45ae35eb42637

    SHA256

    6b655a8c7d09284a14ab4ccbb03c53840c1891c3b151e30c00bbb3e08eb4e093

    SHA512

    262a74976f4823d921e487a73c845c6fa539dc7a02004cfeea79d510614eea6326af05ceab40a828212a491e9d793463127a4f85eab83b81316f094123c4b4ff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1221f39ccd69012e96fe792dc6f91d65

    SHA1

    864dfb438778ce1b7bef1cdc7706b5516f93772c

    SHA256

    8eef6c30edb6330a49162c92cfdd933636044abc4e632623ce592f258e89c2cb

    SHA512

    e58be55f98b6ce0419c31c835429a5534a65c18ea2940a97761665791a523fc390ae62ff2f1449f97dd18c9e2530cbcbcb839d4c43b493b99cb833ef42f1e9fb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    713e70d046f70806cb236fcff73b8beb

    SHA1

    e92a761baae0a7667c2a35930f99afbf6e12b56f

    SHA256

    f926f73640d9bd48beefedafaad3303d9d8551384e959cc4a69f7c1086ce1732

    SHA512

    f79a77ced930ca149b811774de9f638db6027abd17b1d277bc133006f845a5d03c3285c89b6b5c1180caec056afdc46b7025eb8a19d8788a4945a432d8438ab3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5fd072672b95c3825aee327be55de295

    SHA1

    b84074a6196b99bddab6f1314d84d56c4373c2b7

    SHA256

    60f2f7baa330cb2ea16663e8b6be0662d84141416d04b37b08658763004d65bd

    SHA512

    6cd832971c4fba77a6bf91d8808871f6a7991b8dbe040ceb647379d1031d5235f635a7923a962e46c772701bf5ee664d99d2e4edf5139ef2ea9e010d34bde68a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    aa9312141bf89628fa18c4ae68028022

    SHA1

    b2a3a3a095e2b4682f4ae861b1ba6266f8e6635f

    SHA256

    943a6ec52fb1eba76a3f8266978490448c6c1f70c011cdf99c483ee100273e0c

    SHA512

    39063e582a9ed03de5cafe24a13a3c9090dff59012b4653cb073864e27a572aa90636602116bf24b773baac14c1351887ed083d8f8b6a89fb7e91d837def4709

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    baf17fc0cb5f3b9382df27861e2c38d4

    SHA1

    3c346093e861f347ef734c16cd5d84e853bb1a66

    SHA256

    b45849ee5b6daa330e6a0045f9ede39f053533d8c6a48dff762f29fb1b09d07f

    SHA512

    2cde05147c0bbad7c48ccd751b397e13bf9ab76352c2bd509908d4e3ad280e0fe09c51c760eb60384787f551f96ff36b7f9bebe8e21a60376a341fcceaacfbf3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cac497cafe081ddc101e1db06f9c4902

    SHA1

    c681f6ad2957fd0cea7f05ffbc81f33be9f720a0

    SHA256

    1f50f3f3f6f8b8fa27d0dd79a37c2d6455eede00f0108ac057654ed5e2646c18

    SHA512

    af3a47fbda3ba0acc680621dca0ad1aa9f4b22d0328680d21df874a5f0792892e018ff45dec71fa5137f1348a9f2357ec19468c19e923a5b3a3ef2ce7c4d9b46

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5b9a9be9b1972f845645f681d9f687e6

    SHA1

    8c8b0b1b913387619485be5a4a4fe3db79a4dc42

    SHA256

    4d691529001ee79dfddf75d1979aa98762adbdc16b91dfdfb99b6c93047f8146

    SHA512

    1743e6926423c9f36fe9e025ca20b9efdbb8049f5bda91116fef76aac0d0cbd6dbe7e7d858f39d9b13dbe2ee0a2913d0af92352b823e1a20b52e053e791108d9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e2d4558b14ecc280289f775fd6518e9c

    SHA1

    e4605abe39a94912ff2ba728020bbc3243291361

    SHA256

    40eb6aaa9e0a3f1a7032d0907cfb3354e861a98a8794a2096c0793bdb47b2fb8

    SHA512

    bc1b58c75cdc6b1e98c3d77a12c7e6026ba2a92413f04404aaf44a34639b68a0f50a177e2ef3425128485a6434ce334a8afb2a810f7c251e46b8b7cce7c0910a

  • C:\Users\Admin\AppData\Local\Temp\Cab7669.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar79A9.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/2520-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

  • memory/2520-3-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

  • memory/2520-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

  • memory/2520-2-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

  • memory/2728-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

  • memory/2728-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

  • memory/2728-6-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB