Overview

overview

10

Static

static

3

0cbf6c34e0...80.exe

windows7-x64

10

0cbf6c34e0...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11-09-2024 19:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0cbf6c34e0568325d1b0ed98711c321df597e0a68c8d499cf70de5f7bf774580.exe

  • Size

    1.8MB

  • MD5

    c5141165c877706f3ffa0ddc4134b2ec

  • SHA1

    04c8bfa7df7c262bb3d84e0aa7d32511cc8b6abb

  • SHA256

    0cbf6c34e0568325d1b0ed98711c321df597e0a68c8d499cf70de5f7bf774580

  • SHA512

    53fa48bd751a875e6a7ec83da42b4d52c3e6f8a72f240d4badba909b19946cc44b1d06fb64939cf30c156c0293f6cbf6c1ed55c773d63920a32377bf395864d3

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09WOGi9JbBodjwC/hR:/3d5ZQ12xJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0cbf6c34e0568325d1b0ed98711c321df597e0a68c8d499cf70de5f7bf774580.exe
    "C:\Users\Admin\AppData\Local\Temp\0cbf6c34e0568325d1b0ed98711c321df597e0a68c8d499cf70de5f7bf774580.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Users\Admin\AppData\Local\Temp\0cbf6c34e0568325d1b0ed98711c321df597e0a68c8d499cf70de5f7bf774580.exe
      "C:\Users\Admin\AppData\Local\Temp\0cbf6c34e0568325d1b0ed98711c321df597e0a68c8d499cf70de5f7bf774580.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1324
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2168
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2736

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc9f8d016b5617f432f33c0671c484e0

    SHA1

    d7be6c55f832ac7e9b5eff1bb3b364ee456b25e8

    SHA256

    c381efd0c7cb8c3a299a2cc6567a52d7f4210b0858baef67dd17e77fd6273c36

    SHA512

    5a9dc8495b3c441f91a3c69f0bc53f90137d627b209f4bcff9d4f5b298160bb02a44382b126610c08c078701ba49ef72c4ea8042823a47ab539a393c5723540d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b7f87c6d85fc1704727717db2ab23ff

    SHA1

    65da13691abfe2b494a92dc98c65a132d327bf14

    SHA256

    e1df2acf3166dd678f0f50a6f5e4b88f65f4a16166e617c920d45738e2c68f04

    SHA512

    03c2d77a370eedd0976a8049eedd7b2cf99f1c2d8b6ee4c085710dbc606c79de66099e89a153f4a90322f22bbf8bd594218ddd54ad2d1e4eb4bb5a15e5a67b7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a37aedd2cee247491a804bca459704f9

    SHA1

    0e4458bef019d48e945f7cc5e94aec248dad3375

    SHA256

    7affec1d0dab544791b3d9c31cfa824f94890b8188bd4061eca7f3fb344605bd

    SHA512

    935872751dd7fcb64d9fc638e794f07a26fdc99c1aa0899e285de438747da2cd57955e65fe0055b2b5c86cf7dda74fed69d84de5b87202eb5d41ffa9fb323ff8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b70295340bd31df9439225a9a7264d9

    SHA1

    30de10ca73c724dca58f0649cffba1633856b673

    SHA256

    b2710293403c93be1cd8500a089b16b45e537d95199277c00315aad17ce87032

    SHA512

    30cfc976009b87172e42033b1583138e9067a9417acb781fc0f5b88df2b7d0fd474168e42d8fe9df886cf5c5981b8f6eef926a3d8ba3abc001176eaee0daa603

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad5de6236391f0fd01b27abfac5a69d3

    SHA1

    3ac41580daa1c83814c6296458a0ec8d2cfaa637

    SHA256

    a0b79a8ecd0a5cf8149cde01077da80523ba977da2672ba80b7f041291b21fda

    SHA512

    721f23808ab346ca1e423e1b76a1a7adcc5bdfa12905fc625409068538e66181617c94d514eba8ea30ce90bdbf73ef037bce2a8d7ebe7f5da1bc26cd03f24166

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb110ac972a9c690bd9ba5a248596e4a

    SHA1

    8a76da626a9cb79e4055eb4626759bb139902866

    SHA256

    b917c55371ba8327157f59f6c5d7e54e9c16d6f62e759431dcf706fd143870ef

    SHA512

    5857d9fab7f1f47c07ef0a82c48c361b96b40937f52299d94c09ec5b80e1a139440c4b9b82b036fd184953ba7c59c962182aefb1ff9e8e480bf8d3ea7ccf2450

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9aac5bccd4d8efaeff4bb999ca54259c

    SHA1

    5b6728afef2a3988b96e2b9cff53cad1e1df4234

    SHA256

    71eb06c54db00dc98511ed683f21dc6979276d93f60fca2b4866b3f491c7e791

    SHA512

    c9c7ecf8fd40d4d38a8f3b6c15678f8f558d0772c37d8db267c7e51d8f424ddc2f1a8edc8d312ef671176ef420b070dac208d74645a36807a42031b7450c02f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    217cc2b31cf6543f7178c48670922c9f

    SHA1

    185a6f37e096438fd6e87787cc891e563fde99b5

    SHA256

    50574a1c56983f363b84c92821253514ab8d14359418aa5f93728141522ac0d8

    SHA512

    6a173bc9de0413515f5f18d4ad5e181aa49488cbfc6f862b57e8baf04d3c2b8fb390c9cc32f5087b1226d5c14cac3aa53590a6301665cdca6795d05409a8f0cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b3a29d037c8206593cba8fbd83dd17f5

    SHA1

    b8273de0b681846b2b84eb5d6c3ab834075f0756

    SHA256

    083e7b2ce8584bcf62aac3ce663cc80d2840798b2def6ef07d43fcc81987285c

    SHA512

    a45612218ea9b0a88145984ace9d8bc650351e6d72f931de7854c34b8dd50697a5860b9c1455d44ed027eb7fdc2b5925c2edb3ca856903df8a54662c8849f108

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92c88bf53d595d8f1d3b6a5f06f63a8e

    SHA1

    c29eb6b22a0ec5971511668e63d121c71cae79f3

    SHA256

    9ac9023f1a227f6cb54e26aaf5e2082abba54e1096fefb2ab42c5aadc47ff52c

    SHA512

    846aefe3f83541b6a7ce886e4b0e741d48e788260d5e11876488b649894b5c30606ad2e9281646d3645a5c4013e65a2da6c1eeb5ecb36f9c9fb8bb5a3fbbbd59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89062d63999783c78470c0d000637f87

    SHA1

    a0d8276a2083a2ae50ee4282677a3f9615eb9b1c

    SHA256

    015379e7e343c5a729088f4198c7ba6f6c5c5302ae7388b6796aca41a1caad57

    SHA512

    648693e44c244763dd14bf87cb3cee5e8557f3bbdbdd964d3670cd715e54259015ede18a99fb568864a6a5b8e066ee4c05f164e97adcb3ab169cc7cbffe40e37

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB51F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB541.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1324-12-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1324-10-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1324-6-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1324-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2868-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2868-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2868-2-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2868-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download