Overview

overview

10

Static

static

3

3ce5a5eec8...c3.exe

windows7-x64

10

3ce5a5eec8...c3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20-09-2024 14:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ce5a5eec8cc333a09cef77ff7c5cdcacb57e9031173b52e500971840859eac3.exe

  • Size

    1.8MB

  • MD5

    8bc94255b0c3a9235c1922f51f55eca0

  • SHA1

    054bdfefcaa0779425475ae182f6ae5726a8017e

  • SHA256

    3ce5a5eec8cc333a09cef77ff7c5cdcacb57e9031173b52e500971840859eac3

  • SHA512

    73947b96d2643f460cea4abba1015735fa5ad0dabaf72eb349b01389bb29c2cddf81f232ba2a647ec88e6f308f803dbe2cdec47f928e686d39f7bbbaadbe0437

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09kOGi9JbBodjwC/hR:/3d5ZQ1sxJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ce5a5eec8cc333a09cef77ff7c5cdcacb57e9031173b52e500971840859eac3.exe
    "C:\Users\Admin\AppData\Local\Temp\3ce5a5eec8cc333a09cef77ff7c5cdcacb57e9031173b52e500971840859eac3.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Users\Admin\AppData\Local\Temp\3ce5a5eec8cc333a09cef77ff7c5cdcacb57e9031173b52e500971840859eac3.exe
      "C:\Users\Admin\AppData\Local\Temp\3ce5a5eec8cc333a09cef77ff7c5cdcacb57e9031173b52e500971840859eac3.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2952
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3016
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46bd02ecdb88a343645b342d34ae6e7f

    SHA1

    0ef5411da758350122a387de78286ef163365462

    SHA256

    2f49199828c2b14225583be23677264ba8ab5faa4a8ccbe02d3e4301446854f7

    SHA512

    984b1ff5e65e76a32d369e70d0c7ab01259998010bcf5c3dc76b96286950fe20a01d128e067701827e71a61ced43fe510cbe84e34ccb970d0aa01807aa1646cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2d5fc48857c6a126ebf37adc1527387

    SHA1

    c2187cdd17da94aca13d3f2085120f0637ce32f4

    SHA256

    4c4a73215c979dc79ec2bebb7baf3199ad58e91a5231def57edbe575a29de4bd

    SHA512

    6e91d143cff2d2fc43d085dc38c3c9274539fe421aa6c954c2cf67c0daa81beb412e0eeb2cd6d1604ec15650cd5d3d34b7a0acb90bf284b2452b42b5c42c4eb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7dc9a633413d3e035c92c66692959d19

    SHA1

    d1ff12c4b3b26d5220daa0bab2cfe1e4835f3442

    SHA256

    1a442b13d7871476507b6433fe32fba8174d1dcf5723d618dd7de37b9d221827

    SHA512

    21ed77bde123857b3b0a46849791cf03f7482adde0a77c1eab0ccd77143249750c35bed6a8b59ee296e5ee0247c1d3d4fb409c18e53ddb898698c873c3e562d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61db8ff4c3ce8fe0ab190caec9e23c1c

    SHA1

    c3349555c9b37d64835200bcd4b457273e55f6c2

    SHA256

    9337228aa2e0d1effec1205b75498587aa26f1bdf6cec748ce094f6a33d8d9a4

    SHA512

    38d92a950390b4ece2e4c0b5082f6307f7b7476814cc64fa56b48c8b79ec379314c5bda9f1339952c6dd2c6f6f1c0639d4ea5911468bf898711fe78fa94a7e1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c5727cdd6d5912da21cbca7993ca4b2

    SHA1

    5dab40b16c1f6706cc01f96fbdb0ead071cd4196

    SHA256

    2085df55c949f7f9470f2e753ab7e903209b691f575e43a528617390c4408322

    SHA512

    d3a6a1f61402a76ebb6c90d107229bec2dda9da5ea9976b571e9d9d11a70d28f60acd356de4e1f9c0b9a4c6da249dcf551123786ba8660ac103b7508d62c42b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    259b6debcb690bf77d09ae261dbf6f26

    SHA1

    5e167548bba85d2c9b827f7176fb6a34ec04d67b

    SHA256

    f0bd7558f630ce96c25b37da5f2f82d45553646b0eb1fabf6dc40a9f813ee272

    SHA512

    0c4c552413cd0164b1f39cff09495d4b7e10c40e2589eec85a5154cdd71b2e10118c672f0816ca3756b34e2a1b31f4bdbc5735de137cfb2df6a6295bc66249e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6b12d2510ae537b94a2535dc87af7fa

    SHA1

    5d94b598ee9e9f5a05605be81f197a9069d9332f

    SHA256

    79f5ddeb6917557245822d096a1a92785b176453ad8ed9fb9b05bdc69071c620

    SHA512

    1865277a521761af274fa1dd40464fb06e810b062f56f9782978590b9134eb86e08757162042b37aafe05d8a1c69349a9d459bdb3778020cf2c3384edbe2792b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4129f5fd124b919034a539b028e9e50d

    SHA1

    7f698b8ce24aeea995c71eea00fbe5ff99059fd1

    SHA256

    8499da781303c08fb55b48371127b0513f3761f24c6ec3df8075f57b9f2d76a4

    SHA512

    5a6a3122eb007ecd36eb1792180506a347253b89c42881d76611b007fa7b069db1abce5a1b16d6df8f439cc951bf08b76f38bbea5d22dc0f56bc0d23c4d65337

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66785ff3a853dcbda0bdd42f349c2271

    SHA1

    d3a3067b51e9d199ed1fa4d724c950e1f1b80a31

    SHA256

    47ddab3082ea04fbce3727f246f35d6e9fefeb450b6a6cc973be4a53959ed20e

    SHA512

    11b6ebce517a05f85df2c5bdde0fb7873bf02fbc5b387fda5d5c056424fc2896ac7651e3896a762eed8adfdf4a9239db94d54a83d29ec8de99171d08065178b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7eb30eabe65cb98ec90b63a845b8ad07

    SHA1

    0226a53dd9e64927d0295b67f536443ef572d5d2

    SHA256

    036a515dadf9f5e3c0d8616f6ec8ac06dbdc36ecd8f4eb3faf9d5236263473a8

    SHA512

    d4f5052ee0959fd2358b8938ee08cc59be38492280489682626c0150d7d7b1d9f669e6ce5332a0af1fa3933262105d39dde1d26c90fe345f46f3c2496001e11c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17738c2fa9ec1c5bbaa4d02d3ad77ed3

    SHA1

    70ea8f2c40e3e0e7c29d48efd5c42f2619fde982

    SHA256

    cbc0b1a2749e60f3e18887c7b08305a62e47f3436d3a534cbbc764e6f35e3771

    SHA512

    b7e6ecce077fded20bdb16bc0a7223746a5968dbc719075e1a1c5bf32616c18c46f38373ee4df3e0c1dc14e1cbbc51605b89540a2a4490255c5470e91d549a13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d83f04e55a36e7975526f08a8345413b

    SHA1

    caafde1e30af02e389131559f50286a42a60069d

    SHA256

    c178f1140c3d49ef56d6de8c39534e74d915c5ab1b2703ceec590bd149b18ebd

    SHA512

    c55f8d19c7fb0ff567bb249b1b8be792b2c1185548b77fcf845ef0ee1307d2079db3d7a6a63d340acce543a8ea0f97f7fe1ea57ebb4fc63886df8a949150e2a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    340f83779946d1ef84bee009fa19947a

    SHA1

    f431776e751e5d1f9cf814702162fa233e50de23

    SHA256

    c71212833888bd92607caec661149a9806081bdecf4b4622250233174af92586

    SHA512

    7f853749c7538b115cd0e0bc46035fa851c0d91278bbb881a937618d0943376e5f81743020ad7679c23ac6391a1348168e8637b7dba3d7d0bda424cdfde20be6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31d130b238f90e007e484c2f6e3fb0a7

    SHA1

    f3c1c9803680222447efe56b47c59b66b78b9237

    SHA256

    a8f28b13a570abd020de3b36a125c4b27e74bd38ac9527ea581488c0498067ec

    SHA512

    f95a5cc4cacb5c926d7e298314145246982b66a58377a1ee1c0af3242d3056f91d4a6400321bf0a95f624ee5f985df7d246874f87986a5e380dad6f164a93661

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8bc55415869f5eb1d91695d8586ce6da

    SHA1

    5a6889441b733a34cfc0319dc7c414ab95f409b1

    SHA256

    64feae8be7536146135196365fcd322c2e3a54eb7ce40e0902e70e5fadeab615

    SHA512

    4c7f04c21f8464b2f6777d14c195a58d206209276bc896d2afcdc4e52aa570f64a4333a1f3b98541c3139df5a54cffd680ae09bdf7fc4c13cbfadba37e739e84

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5eb7a33ceda98695fac491c9471f32ff

    SHA1

    01bb6b8b1bde2dc7f2cb8af287e0af934f84a1cc

    SHA256

    64dc53af0d931de6d6258f93647d05dd3617747467e1ee13d2feee2ded7367a6

    SHA512

    4967f06bb212a7f894a93da5bd86f207265bfe45815c0addd280e08e478e7f4ff098cd7ac55f88999d5756825d266d2631c784e558db4cfd257e9808c445b141

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b08612217ae2e76a10420bc0d139d850

    SHA1

    eaaa10b0b71def3dbdcc86b7d608102625d621fb

    SHA256

    4b4d8f489c2fd8b6cc4dd918a54aa93267b99e6425e810f1edf116a374f70ad7

    SHA512

    5f4874b6f4629389ebbc09511b906a1d959db799f88a32c2ce471758f66eac34b30e21e558f6d2e72b7782cf11508572ea25cd772f98d91ec89f6989d9170b23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5e8561ebc920a10c162f34f15c4105e

    SHA1

    0c52ada5ce8c5d9f9e8a73277b40797460650aba

    SHA256

    d91adbbeb098d1e9c58a2cddda4939d94dfb19a1c44253fc55b4bb99e7463a6e

    SHA512

    be983e2a4fef985b9f2eec97345a05bee2f7bd7a33ecbac00d5a1746608efa1ba3c66017c1cc59d9156831ed31cc893da247672ee350ffcf79d9981ba8d91971

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91ef6a69c62fc8f401d79ebdbca1ad8d

    SHA1

    81f914da0476d21876f82dfdfc6a4be892ff873b

    SHA256

    bbbbe9462e19ad621cf730939316592b7bb6cea795efdae3b0e71543a085f2bd

    SHA512

    207a86e49847dd77da321a923b0c442ce9e675fc3427cf7dc2fa6ccc212fb6c851582ac37837d007fa156ffabebbdd2c7445085116e8453c43c82474aa40f1c6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE3AC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE45C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2644-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2644-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2644-2-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2644-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2952-6-0x00000000002F0000-0x00000000002F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2952-9-0x00000000002F0000-0x00000000002F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2952-10-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2952-12-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download