Overview

overview

10

Static

static

3

aca2d81a9e...dd.exe

windows7-x64

10

aca2d81a9e...dd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    04-11-2024 07:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aca2d81a9e0c6455ef2602ce86571a045af2e93e2207730e79389dd5aea312dd.exe

  • Size

    1.8MB

  • MD5

    2af084d560905b629add7d1aeea1e3c0

  • SHA1

    0683da90a8aeb6847dcd5aa53c06046e41a0ed3c

  • SHA256

    aca2d81a9e0c6455ef2602ce86571a045af2e93e2207730e79389dd5aea312dd

  • SHA512

    0da4e730b901f8c1c6a2ff4252b3689dbc46ce44ba539983e0caf4a29bd5123e93e239693ebdb87fa826dd240b97458edcc68e13a73d592b5d378f7b6ae3eb9b

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09wOGi9JbBodjwC/hR:/3d5ZQ1QxJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aca2d81a9e0c6455ef2602ce86571a045af2e93e2207730e79389dd5aea312dd.exe
    "C:\Users\Admin\AppData\Local\Temp\aca2d81a9e0c6455ef2602ce86571a045af2e93e2207730e79389dd5aea312dd.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1824
    • C:\Users\Admin\AppData\Local\Temp\aca2d81a9e0c6455ef2602ce86571a045af2e93e2207730e79389dd5aea312dd.exe
      "C:\Users\Admin\AppData\Local\Temp\aca2d81a9e0c6455ef2602ce86571a045af2e93e2207730e79389dd5aea312dd.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2880
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:692
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:692 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1104

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9e4528bc359f14da29f7d2b92393387

    SHA1

    6b619657002f01757d7d664ab93f203bc1f16f35

    SHA256

    80229f4744e3ce565c0d2a47bea7f550975af39c04c65d738bfcb5c072c81429

    SHA512

    c8238c513baab20b0c1824b9fd3eadf728ad5c2097179f6a98dc5f6d9909ef7a9e26d089a72294e1a42b9fbc1deeb1b2bce52930af7848fd1237b298948fca21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e11e4b331c472acaf238c4c9526a4251

    SHA1

    eefeaf0ee7f15cbde4a1071ddf8e7f17410385ec

    SHA256

    875602b868d206faf3d068fb3d3c4202321ceb6a944f7583f3b5334033805c7e

    SHA512

    28a78b60ce1d8156760432a68134ecb79400f83be5f175c68f747970b757544bffdfe162682becf8d8b32857c1ffd4e4aa78c999808f343e6296762472daa5c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    108b31889d3ca25e3e77c86be2eeaef2

    SHA1

    b85dc16a51c2921860e59eed9c590e9e00b941dc

    SHA256

    53fdf491fe3c7d8bde4949b4ad2b69b24ca826af2a9454cd24ee05fe31b5f561

    SHA512

    57a21ec32e100ff0f4352a5cc29fae27a8e621b83d076ddc6588f50a5b07118e61afe391f2be5b4ee8c5af34451f42890065f479ccc1ccb056619c9531aa3494

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4614ec176b6f7aad6ec0423142dc5e09

    SHA1

    38099ae0c5728a15c820a82b66495880a37e354b

    SHA256

    467040611127bcb13a26c8dfd9968c764e203e2436c832b5d1458021a4c2cae1

    SHA512

    954c3af11424a1714f65699172ecd736800a2b2d1f51cca9a187b45e5e5169ee2eee30cec0df86c23a8d25821635c8dec370bd0f9b6d5cf071ad65bf77d14b58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17c50a66bed99fada65988d5b1e28ece

    SHA1

    ffd5b83734dd8fc05006ecb96cb635965719f5a3

    SHA256

    c404acdae28d1417e89f7a1475e701c920bff093a4855a549d48f9bfeb751063

    SHA512

    4d3d9158bce7b3c4775bbf9eddecd7755cace72b70326df912d41beeacd3b190296d58ff226e94c4edbcf315aaa92f60cf12d834c14c78d6599ee4ffbd138627

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1fbeaad6bc8d37089b19fc671d418ecc

    SHA1

    e9da8a3dc75a3b79d0bbf763e986d893b936ca55

    SHA256

    1b6f4c91c44ed9b4ec1e025acea92ce9383d438f661d45203a106fbfad5f9dbb

    SHA512

    97e17a0ccf0543a707052013d49f980079cba007859a1f814b526f070fbb60bdb61962cb987c098ccc79ea6e2c9618fb2051e9a5c0762c48ba55b8797f6d140a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d3089b81db98d50ba365ff1cf34a5bb

    SHA1

    f0dbd11efc79ec2f30ce38b455729e97632fbee1

    SHA256

    cbf3304650d55320a25de2a00cc79e3ca38f93d182995e890c327792566ae522

    SHA512

    05a203e3bf1d82227f86374d9dec88d53930896afc488a67894dc3ac4000887ac41382ac2507bb7b76e477c6f9fd79247cd12aa140ae426b1ac0c1d711f4f291

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb65822386cf27f01d4fb93c9d389e94

    SHA1

    6896df1ce640a14d71aa6555eaf7f79943ca9db3

    SHA256

    f25bed87a1e2e627cd2468e18c2f350b47982bb1b94f30912512fa83243c2a76

    SHA512

    fade83286bfc0e418fdd76f196b52450bb486d1480678b484534effd092b21aa0d340dbb81fb7838bd4f6ff1d289c5e721c90d92b984e88e7a8f2cfe43b0d30a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    726f33e462d27ba40bc970ad73bab450

    SHA1

    1858b58911f3325cfc463f2bf0fabe8971bbcdbf

    SHA256

    f737fe228ca58f8e84448462116a7278b3977330443329575ac7e498b85291f4

    SHA512

    2b8cc40b52c988f1c38c186213275d4228af04b1919beb3850daa712f7cb332090cb6e086b7715c8b6c150463ff70de21193bdf87825470f33223615bf73262b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a92eafbe96ef3d8e3615fedd3fdc3f0

    SHA1

    e0f064bc9725ff05ebb7ad45f6009ed332ee2cb5

    SHA256

    41796fad3f5329feb29788c9b87567c8aba3559aed1d0eede0ae7e58c94c840c

    SHA512

    7e6e6c2f049fbc0d85ffd0c68d86588870e486d083f5bb9cfa92ea7cbba1f64116cbf64caa536d03eec7f45099f23c0a31eb444a3b42e0fde6b676aacee0c3fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0001cc3465fae840a1a6df290e534fe0

    SHA1

    0a4c4047320626e7bce8b7cbbb6923e047fda021

    SHA256

    25e0e1c4fa70aeeceb2bd838a1ba7b9c239c26f85cb8ee2daade9593f5cfd6f5

    SHA512

    f2a2e61e8b3b1b31e397d3db684805caf5ef70585524451d567daeae22c60986d107c34c23bb4610c47b117f5255eccc1471a3a083a6358cab2c042ed0d1b06e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d31a003bb2d74e41a4d50d7e73687fd

    SHA1

    b288164da8a47dfdb2576358742b21e6aab34218

    SHA256

    826bb6c7b39e83ddc1faa5a4965dbf554b745b7b833a027221e75f1d018effa7

    SHA512

    7dcfd24ae1c69baa2b3029b4f4a42375cfd2c8f3a381e70465a036d0f147d0ef2e87c6f20801ed079aeaa1ec0d10d352bfc970ed6cb121aca13bfddb0c0874a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1cb20a252172be58bb8a0e670a1a75e3

    SHA1

    8056c76e4b410d04835e9c15a2ca6a6fb51613ae

    SHA256

    b9103ff2913d25999e623d37f214a238378a6d25bfb456763410b4da48e0bb61

    SHA512

    6016cf6a23d0051d6d60ce6c86ecb4ce1f501205512bb75544147d0d8cf1cefd420b9e13b294574a228f55dd8093a6bf55aea8c60c6c53b08a22f22bbaaedc58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91171b9a8075d13e701b155b99a86ff5

    SHA1

    448615188f5fb32ebaf1bf674acb986fab766150

    SHA256

    da4ac2bd6bddd6263af117a3e0e54140857bdf3e43c297c0211a270fdf7d157a

    SHA512

    83a44ecf45a10bbdf6188310416188aa08dfd86ed1fecf176a9586c235fb66eb1bb11c5ad7ec272db5f4e21459344d34914719eea4e9fdcb14afca295ec386d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cec23d9b9b17ca2317e7ceb33adcffe6

    SHA1

    05f0b8ba2d2c1c404d8d0eb59f40693ddeed6914

    SHA256

    968b5d4769533384cade633119ead770816685dc746c439181bf14a7c85c8d0a

    SHA512

    fd9c229ea7980c9a4703bea7e8217099053b207d9c9cb0fa80d13c91d328d2b55d5aa9df15b45ea4f41976488b07e3a69431b40cf23dae1ae629cfe71357e543

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1c2925b714b72a9ad70335f457cdefe

    SHA1

    bc12e4b8d214c79cefa78638578d6971fd65a4c7

    SHA256

    803eedb66f19a55d136e3fd4a520a29fd7fc50c4587c8102c4a4e05596c0027b

    SHA512

    34576414c3459bd06ea8ff1644a6076a8374003a52a3af7c16909ca858b65630a4933fa241b406336892a786316eb561df2359b5ff4e4bf0d304583b80284c3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    632ab61e019c6fed424ced9dd52c1110

    SHA1

    692c9d9a6aca6098cf8c0bb7b122b3856dc0eae3

    SHA256

    1289d130bea97013e56c4194a4b723e56999444a97c87e6578ae052d32e31564

    SHA512

    4f184a68c3757566e0195251f755783778141d55cf2ce8c0ad597e29e2014411e9fc871dac3e34fa47c0cb4b8497ee8055b66028d3e9f80141424dc6f6b856a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    406291b370f32fb30a5a0dd0f6b878c5

    SHA1

    30008fc3c7a4a294295f62e2d2466c93d66bd1d4

    SHA256

    12aa536e41235693294b82bd73693c826d0bf07f75e815059b7f899b581d1f7e

    SHA512

    10666fb35d7e3f6318b04ace16dad0b772b9561a2f36724602e2f0c2058aa2705bc44a7d7cafd91f9231c53b495abae08efd47776a754a0d5fb353e1aa3f4248

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9C9F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9D5E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1824-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1824-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1824-2-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1824-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2880-6-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2880-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2880-10-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2880-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2880-13-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download