Overview

overview

10

Static

static

3

aca2d81a9e...dd.exe

windows7-x64

10

aca2d81a9e...dd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04/11/2024, 07:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aca2d81a9e0c6455ef2602ce86571a045af2e93e2207730e79389dd5aea312dd.exe

  • Size

    1.8MB

  • MD5

    2af084d560905b629add7d1aeea1e3c0

  • SHA1

    0683da90a8aeb6847dcd5aa53c06046e41a0ed3c

  • SHA256

    aca2d81a9e0c6455ef2602ce86571a045af2e93e2207730e79389dd5aea312dd

  • SHA512

    0da4e730b901f8c1c6a2ff4252b3689dbc46ce44ba539983e0caf4a29bd5123e93e239693ebdb87fa826dd240b97458edcc68e13a73d592b5d378f7b6ae3eb9b

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09wOGi9JbBodjwC/hR:/3d5ZQ1QxJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aca2d81a9e0c6455ef2602ce86571a045af2e93e2207730e79389dd5aea312dd.exe
    "C:\Users\Admin\AppData\Local\Temp\aca2d81a9e0c6455ef2602ce86571a045af2e93e2207730e79389dd5aea312dd.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Users\Admin\AppData\Local\Temp\aca2d81a9e0c6455ef2602ce86571a045af2e93e2207730e79389dd5aea312dd.exe
      "C:\Users\Admin\AppData\Local\Temp\aca2d81a9e0c6455ef2602ce86571a045af2e93e2207730e79389dd5aea312dd.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2788
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4a979e05307866d6f743a0689922cbd

    SHA1

    c3470100ff9da862bfe7a3212286a6dde04d573c

    SHA256

    12f5a86e7751a6013a85a5de181c2b64863d198b02db2c6eb801879e21a1356c

    SHA512

    2779718a22ea2710d0c88263301627f1e759cf653b4cf4242233d4e9bfc3965f86982afcd8ca37b762bd9a86f9a80e5153d60f81122f7483c84f216eff4a353e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fde60dcba177697b77433422ecd409ac

    SHA1

    10d9461fe99f0f6fb875c66f5e7a646ea674fe12

    SHA256

    ef0bee10dda498b863f3335f7e14470fc679170bd8e149d3afcd0a0b76b1e58f

    SHA512

    00fd157a8909409cfd0c0800ad8415f0268f1a3970ca2496160d93c4e5574a259dc2a630fd54f4d9b79df2f95bd3aa36331a4e1b1e7b912d6c06221289229c5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67a15f455d788cede6be7692ec563cba

    SHA1

    a437f37c68b330cd652edea9c36f164636406426

    SHA256

    cf6233901cde04b4181fafbcc3898a651912670c07d4437c16fe997470940c2b

    SHA512

    4fb00fea3d2fd8ef7d2e2026ffc6ca87b6a4f0c677fb1095075434798369a365ca4302032ce202819c20db1a6ce2d1a2305fced46374b636531e98eb891c4170

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    907922a0f1c7b174426c2e3a8d99ad8d

    SHA1

    3ced0df97f42f86416f65fa9332a72a48cdbc092

    SHA256

    4cc800ee2eab10891fc0ea434ab33f80473ea86640d9dbf342703c5276ca325b

    SHA512

    f2bf8b967f33b104dd5cd99203f002f7a36a5d9bfc6311dab609e372337dfe48f87b7fa3afe05109ef4fea4a2f9a03a28309fcf873a74d3464b6bc48b0fe25d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a0ae24085734f1063152103b84a5bc5

    SHA1

    7e1f2a2bd6f3b5f72dc4c6755c2c99b42ebc4d92

    SHA256

    f7a77258b02068d62631e48f6a6c7e5392b1c7ba84a8e970def5245b530e2927

    SHA512

    c4adc5bc64d937fcb38b1c71934bd32b3293a189f12315b12bf9b52f239d7660a250b79b97946ca2d633fdf15b2381c92b76bcb224e3478b018cfac4fe4ffac6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    245d0e6ca0d4b293724f31ecb872f0a6

    SHA1

    ae03a3cb464c46d521c55f1e9c4426e2ba3b7165

    SHA256

    016cc1b7b7077c6a9a26639c98704661093f9c21b295db85aae4b72da1a657c4

    SHA512

    ae1b96c272fb7f08eefb7b3d9837fcd34c18bc4deda24de7a3b03df9a9013c3eea8563ea45609cec712b94dc166155e024ba746fa78da5d4dc4e601f0931acae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98dc774382c997cef708feee03b148bb

    SHA1

    53e5e169a576f21749ef333f9d4bd5a4d9cef160

    SHA256

    88ebbfbf2688ea041e0ecf70846a746400d2e8ff14bfec41d8f5a53c544cf32a

    SHA512

    f7417ed13d5bb1d583755d4d30b2337e8ef837b84e4bd34482b8af2d025803fa42b858187fc9854c948826bff182edb440a7c8a1f1ace0a19a0d6449786297fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b80a0fd5bcfee55780da1790927fcaf7

    SHA1

    620aa3231148031f5ce06ea2221b7cc1699afacb

    SHA256

    8071d1500459233c4549a7b63199244b8fc629a3a656430e5e656302c121bd5e

    SHA512

    b02f473f0c4714d299d0cb8a8d4d34b36e1bded7ab73aa8057d7f93d0e47fdd9d47d1943a08dc5efc2471c28bf11005844d8726f6bfc319b4f3e08f3ea68982c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e73c70e44f868a42116fbfa120e89d5

    SHA1

    bd78d76f6e5bb0cfe81740a5d820bf5a40b43912

    SHA256

    fd01e2e3b89a77b0ee3a9657c4c1bbd85a2cf558caf70e6bf482c5a733214090

    SHA512

    bba629144df524399cb316d92b63a3c346ace5b69a9900edd8bb241e19acbee6c7d531057819788e903f0c14195137df7f9ef374fde508047d946653f96c0841

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1d56d47817a6c1af5e2d79fc47e2a42

    SHA1

    ebb9113c439be28403b8039ae349cd70785441d0

    SHA256

    cf66aed174ea041031372a92d418f0972e44b099e53184abc81679bb7236a35f

    SHA512

    84e73163abc6540591be028328f651c701cbdd6d23994e30d4ea8a2334f519483cff391fc5aadbd5373bbf14e679f80ba03b0a3be6fa609f963b4d8d7362f67b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91c30d6ecde3df8e46d90b65b2d36a7b

    SHA1

    02edc6fbe8864da8a2eb354c02d786af3f53b2a2

    SHA256

    8f08f39487fdcdad7f3e9b902f8c8cb19fe5addb4eca0d87c78b4788bc85cb64

    SHA512

    30f25305c98a8e0e59a9c6012b9c89779bbdce8ba27591dad3fc5ff28508d0a84831351dfd3ba0dcdf07e8c2912a1667a0662416fbf4a52c0ffd9ecbe0b9420e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3e89f2dbfe7dba99ce6283f43810e1d

    SHA1

    111f2234276e3272f7214055d918050f170b091f

    SHA256

    711e4fdadf31885e5e423f9f6586aa4debbb6b8dd584b60535f5eb24f29ffcbd

    SHA512

    c2f278cdb13054089809ad92a5b793778bfbc7ea4ddbe1b7b0b14515041ff4ad447a962dccacae81536632b6f26745ba3701d79df001e5649f2addb484f05885

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    910f274c4c7d9f209b29246d6901ba66

    SHA1

    1d6dfa85a1c7ac4bedc38800d3770ce7d9ccf8bd

    SHA256

    4eafcfb8e8501ede20e5657133f743e219379d3205df44b4e5703d8bc107cfca

    SHA512

    0b3ac81466676eefe0de6178096c991a614f37b62f96648958bdef23634bb05b710b32fb3a8ac5943f2423a9114caa4f134d0c89b22b8267296f60b47963c8f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    020fcd27966bb771ec80324bfe333f4a

    SHA1

    cc11b450b208d817f477892a9dd5f8d1f43f3cae

    SHA256

    76350cc0da9438cb179661417855f57cf8878d383bc592b73bf0a2416af9d01a

    SHA512

    0bd6c1a323564455373fba618b6ad80a6751d621ea67d2f4ad128a0ec878278ded309551a43b609e911f92c2ed7ce6a773c56a14f8efe60ef91d93efc7e724d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70323c58e07cdaf631904049328ea632

    SHA1

    44ad9fc318d1ca2c5b210b9a9ee4f198883becd8

    SHA256

    06dd09b2e1a72ec7ad8aa7bf710b5a51ff65a2fc28379dd1ead6743acc20fe0f

    SHA512

    3ba69cb4a4eca2b12158fbed5b0e1f5c4c215e4962cf76afdbaafdde4f0a36ccd6f8c8be833c7ddb933b20895c7f45faaab61195a258421ada14259eaa864c74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a395a145e481127a0d43c4bf053d24cf

    SHA1

    152d49256dea41834990e7ed16112d035589c809

    SHA256

    6ffe3b18cfe7eef01c01acdf03979ecac71cb2c3621dbd684a605f935e7ae31f

    SHA512

    6eeb588ba70ee75623be8830aba0be95316463a180350278b4db85fdd1f1edc41d30a6a56f6d0ee1c598f28bc94dd739a69bb5bb3598c184d7f178103d90edfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6c822a0816ef2276cc731cac74c10f3

    SHA1

    317a924ef883f798258a020daf8d99cd31229e05

    SHA256

    986ec25417b647fb527623e8b0c794838cb8d01c874a430703bbf66a27fd75a4

    SHA512

    e7ea9a26ff2c5fb01a64a185d4f53ae3e6c332e8b1d1428cf8b1d3d29a465d15687033427cab54dd11b8c232f2763c6971463601e077100b64684f843ea6ee00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26082f015968bcef5a9c2f02bd6e0eff

    SHA1

    90839a72918609d9f03885d591b14bd1b6f60870

    SHA256

    13249c8a196ec8ad808e586130d29b26000f9e992a1444b6607875ff48ab5e96

    SHA512

    34263beb4496742a578874a3ba7c6c2306a89758eb2e1bc0cd7e7219d5bd3ad78b43420a30f04289b6120802780b1ff5e10ed73129b4a7def8c9a596e373b7be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2fb460fb13bcca65f5666c5f8db6b100

    SHA1

    ba253df9d77042730c5e10b0896a5045d24cfe8d

    SHA256

    0a7cf06ef85b1ce2407e729e763cd59bf5432382baa6a196360b0da4589eaccf

    SHA512

    506bce40af772242388b4e48dbfd675f5f2536679216d874ce6cf3f58561ecfc6847f4c204ac3b22c523304a0a5f01b53d022dff55fbf623d05cecb4962d31ff

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBCFC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBD6C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2208-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2208-6-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-10-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2208-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2208-13-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2240-2-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2240-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2240-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2240-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download