Overview

overview

10

Static

static

3

3ce5a5eec8...c3.exe

windows7-x64

10

3ce5a5eec8...c3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    20-09-2024 18:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ce5a5eec8cc333a09cef77ff7c5cdcacb57e9031173b52e500971840859eac3.exe

  • Size

    1.8MB

  • MD5

    8bc94255b0c3a9235c1922f51f55eca0

  • SHA1

    054bdfefcaa0779425475ae182f6ae5726a8017e

  • SHA256

    3ce5a5eec8cc333a09cef77ff7c5cdcacb57e9031173b52e500971840859eac3

  • SHA512

    73947b96d2643f460cea4abba1015735fa5ad0dabaf72eb349b01389bb29c2cddf81f232ba2a647ec88e6f308f803dbe2cdec47f928e686d39f7bbbaadbe0437

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09kOGi9JbBodjwC/hR:/3d5ZQ1sxJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ce5a5eec8cc333a09cef77ff7c5cdcacb57e9031173b52e500971840859eac3.exe
    "C:\Users\Admin\AppData\Local\Temp\3ce5a5eec8cc333a09cef77ff7c5cdcacb57e9031173b52e500971840859eac3.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Users\Admin\AppData\Local\Temp\3ce5a5eec8cc333a09cef77ff7c5cdcacb57e9031173b52e500971840859eac3.exe
      "C:\Users\Admin\AppData\Local\Temp\3ce5a5eec8cc333a09cef77ff7c5cdcacb57e9031173b52e500971840859eac3.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2556
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2908
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11c4fc2da2da6456dd347d12ff11ba15

    SHA1

    cf30492e4923bfc93c08e8f3cfa44ee99d77f045

    SHA256

    022df4f175367e27f606210a26b4b29d5b3c658ab50600c735d4c601192c4401

    SHA512

    1d8434f79aa7a1754006d2b4677c5fd0c80219b5f597d6813700a1bfb4eba5373a9f98ba9661d39dfc03928952bbfca7195ff81ae94a69f3ac96306179e142bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70e32a55d2c5a12ac93d0d7e0a95f593

    SHA1

    2c53eb96bba1f875221714d09e2051e9c2c4c734

    SHA256

    7e5f27080941d38ed3c99995b711c1c894452318e69a111de0676007a89a3b06

    SHA512

    942037b6c5aedfbf0123e7a56510457e9f2478b79675470d96dd6eb5e6b1c7e5a8bf5c4eba5a7cf2f01f9dd7d6351c4d078fcda24d20a88c43c792d0b2d989f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d8331162a6ef33b2f4c726f7d0346d0

    SHA1

    2d50e8063335947d520657e81e51261040df944b

    SHA256

    04426b9dd3cb8979ab8a1148346ee4abcf7c0a9fa0f7a5fbd92018922164940d

    SHA512

    3988c890470333a874829d9ab5627cbece5c1d8bda54987d6cd24865d9fc4b478fa7556ad658124a83cae7dafafadc47106aad5d811dc33f643cf4c6ae0bfb77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c1553d667fb2db640f3488627c7fe1a

    SHA1

    c1be21eb147d9b648b7ef2018f34cdfc22fb19af

    SHA256

    ffac9b8ca123d40c7b8f78c9f8d8d335aae1ce67edc682e652ba4847755b1bac

    SHA512

    f002d3779801eb7f712abcd6de741d4f15449eb827d08ce15d801fe97ac5f947f37b6b57c5a8dd3bb0592090be9bde70f8b9221befcf71c73df9a060401f3d87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df94ba39cd2d3adb26ae24c0250fb0ee

    SHA1

    266516a39ca1e97727b8da309a8e16ed8631344c

    SHA256

    f622759cbdf5061f0ef7b6854e3cd6a7b7df59868d1d733b41ec57318a61f40d

    SHA512

    396d0eef0042a2133fcd7056cf10eddeeb07a093c6215e2e2b159a366bf3e8401dd5d560a75c6df288090d06f93d36cc402607b246efdd127f475eb1aec8168e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    168b224135adbd9707bb2113e91e436c

    SHA1

    e42369abb2973a9a587c4cd6c332b3edd21a4169

    SHA256

    9750041c11736df228ff1e6dadc7a424d4b8f80ac7b0ca892fea29eca42aca11

    SHA512

    ddce2e941c9010073af7d982c40b6c2f49da417877f8af07ec08ae5b12f34ea8bd9f9a6e47c373b42a1f20e651387eef44ab21e71874d8ed8cb5b4df6f965246

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da6e42fe86e5de471b2478768f2c528c

    SHA1

    dd3dfa35e2f0385830e1ba780b1ce30a666a43ef

    SHA256

    e79bf0564ceebef9ac3c7dd7a303c127e4c0caa827de1fecfa562488626c8a0c

    SHA512

    dca9d12e9289e176bfb4fd78190cfbf05eb4fd8bbc23e3ae367ce3590e25d2f696156b2c3fbb82d4636d9a28c806f5c069fc413322a2fd8a1fca0442e51d02d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5a8498cd06b3495ce3ce6c96757af9a

    SHA1

    451d9536745077bf4ac316170bdd014c719d4882

    SHA256

    ea95a8f09911c5abe4de8eaef4f1b545096a07670fb815d94b70e7297fbc974d

    SHA512

    30af61bcd010e4030889c7c6bba4774ecb059357b04e3d99d48c0519679dd1a2d930a40a8dad659ba27f73fdfc275f69fe6906ff07a51cce19d7e7d75d8fcd24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e1b59eb066355904558027506616965

    SHA1

    ce8642e485143b5bf0a7c89017d47a7ecb03c580

    SHA256

    0b028c6e6d0a4bb7ca750412d14da6277ffbfea1ae30e57a4c425136d9d9b781

    SHA512

    f685a67edbae71bbcd9cfb2041e6c8f2e09e6e1963bd38a627b6f780b95c5a747a29109df13b9b40a5568a35ec4f224e7ac1d59afe85d29d05fb0134717b4947

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ecf8368062aaa661cf2825650ec35518

    SHA1

    a7631ef366f3c5702b0795d1a18936b7a310ef13

    SHA256

    015d7a9bf02efc251c13043991a244871948c3ecb9e5103ec4f108b577d9b6d3

    SHA512

    b688130746c0d0fd697889461cc215b9c7656d1dc76f343bfdea3cd8a993b745aef84670e67f7a3597e174aba5f8bcebe48718d8e69ec1f0b387dc636dcccc14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26cb33f001e2a225f830e5fe27c41377

    SHA1

    8d58649bafe8b987bc2e54d0ca2f306a88c6ba0d

    SHA256

    7bd205523ceff7fd384295df4b8188ec446b781cb1b111e8d16120413a06a744

    SHA512

    1324051832d572a48b62e108b8d9edfe46eebbd1ed35384bcc0a0102bf190ef00d2c0ae68e6b4a8d083da34badd2fcf88ce2e583868bf3bddc128e8df7664e9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d16d38bf1609afd9499e0ebfd1277fc

    SHA1

    50ea734a61250e915a5bd99133e8f82ca9820cf4

    SHA256

    5a2c02127392cdab142e6045c9cbc0f3c48187bd5210b5f2f2da2b1ea6a54de2

    SHA512

    a276b3dc0765ca0979e7150243a75e526bcbc50b7eabc33ac7ac1fba3f86478e3c530e09f608cb7712f0427f13996cb2b9c92213a38053737e54b422a6b478d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e833baeae0a9465a67cf8330b2b8e07

    SHA1

    038bc259e7cb40fb836b90fb85a2e6ba6ae4a9f6

    SHA256

    3e9dcb85161c2272376348889844de136543398bc657b15aa86020ea86e2b36b

    SHA512

    1026035ef951fedab1ece5ff6ecc6baf9d3dce9b620bfc9c5f6baad776260e1e6cf5bc01ba1a670ec31156a5a2e022fb585bc5ff558728e2cb2481190b340128

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9052eb295b0357d12799397fec2aa08

    SHA1

    650330273c13c5a13c3347690237dd5a264b53b8

    SHA256

    6b24090b4242ba4cfa1c167451cf1c94b59a3dc001de4fa9c042071263ebbd2e

    SHA512

    34bd93050a8da4975a925e703e42fff4a3395d0960aadd1f811130a5d4aa509b215d931747c102271db70af278ebde74a6dc43d9359d3d29f698691b06033f22

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d77f8651ef128247a994cb7306678d4b

    SHA1

    fc93323a1d6827f8b5121bf2387861575745e168

    SHA256

    8bf92f09a92d38c1192dbe62a277a1da28a8ee203e876830b64956746b686a2f

    SHA512

    4e4f9cda814e6629a43244b68c62b8dc02fa8960226b23b37aa3ca1ab1db7a213004f07c2e4f9423f6dc8cba1d63d021b70efc79f5e8dd0c9d97e9afb51ed267

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b9ad94012d9f45fb9cb8c54dbbb10bc

    SHA1

    817c5df05252bba2e058d749cbc68e2e61f1d399

    SHA256

    3b8faf30cff59e3adbaa3ab2e98d221aec4336f85b121e7ced46ada1a074de28

    SHA512

    ef4fa8c7e7723d7e450dc8e0845f8b54bad0ac8dc89ee0be81b20c07f05d6c98e87a83047248bd0dcb5268994d4b7ce4b9f0e064b07fc7d311d2e54c15b54219

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6074971567d2d1af71e9c338de1c9a0

    SHA1

    58eb7f018cb4bf49ec0ad2752cc7b23bf54f8edc

    SHA256

    ebc31cb48dd41885aa42e3996ad6884e83d6afcb733023e0b35a5c01872905ad

    SHA512

    f59d6df1d10f04488ba0f1bdb45c749b6ab551329589ac3a8170f8665efecb8ed0b778de64ca32d5de4c147e3792848c6da1aefefa2015521a2c21ded695132c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC0A4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC0D5.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2556-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2556-6-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2556-10-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2556-12-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2960-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2960-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2960-2-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2960-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download