Overview

overview

10

Static

static

3

c68e95ce90...46.exe

windows7-x64

10

c68e95ce90...46.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-11-2024 10:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c68e95ce90f8d65d4b3db04e258313772cf2168919bc1683ba36febd5ab2a246.exe

  • Size

    1.8MB

  • MD5

    55a9a09c82b9a5ded1041d58acabeab1

  • SHA1

    f87de5cd57dfc500976a113239ab440e9dca5209

  • SHA256

    c68e95ce90f8d65d4b3db04e258313772cf2168919bc1683ba36febd5ab2a246

  • SHA512

    8dd15b933cf32efef9901c48787e637bcf8f14f74dd551b49df7129f076667e94a6c30db23c183a646bd3427ded746ec92131fefab48e34cd20e14bd6d0fa8d4

  • SSDEEP

    24576:k3vLRdVhZBK8NogWYO099OGi9JGRwNhAPoQxIC/hR:k3d5ZQ1TxJGRwNaPoQx

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c68e95ce90f8d65d4b3db04e258313772cf2168919bc1683ba36febd5ab2a246.exe
    "C:\Users\Admin\AppData\Local\Temp\c68e95ce90f8d65d4b3db04e258313772cf2168919bc1683ba36febd5ab2a246.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2996
    • C:\Users\Admin\AppData\Local\Temp\c68e95ce90f8d65d4b3db04e258313772cf2168919bc1683ba36febd5ab2a246.exe
      "C:\Users\Admin\AppData\Local\Temp\c68e95ce90f8d65d4b3db04e258313772cf2168919bc1683ba36febd5ab2a246.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3004
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2464
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2504

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df611a0bc040ff6c012f1a8f3aadaa60

    SHA1

    4716d0ff6ef6d50f74680b006ed781f3b0c5bfd8

    SHA256

    ae4f3b5f79c48bd1cf33fa2e863a0304051321963a5187a916f9bd01befcf197

    SHA512

    62b0702673460b7809e461300980ed70dda845c163834dc5c38be5ebfe25a8556696bee8a0da4472ef6bb1b6a54277afbc5b1faf7329e72a77a94e611b91c35f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7134784ad71ff316c95f1d978d5648f4

    SHA1

    86b7f3ea3de579fda219c642c7bcd6fcdcaf6b7b

    SHA256

    0d1d405bf6e0c3af7780a1c7c67b844b03e77b295893e161ad780ff8eb69cfb2

    SHA512

    55325d982c91627768f8c89320dade6cda1712733221e76be51a350d2a053ddb2045bb6c945e7fe7a4eb0f9470755c000ff37efaaec212dde85271b6625b5ca5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d398b07b600f3249c5a3e2cfca801fc6

    SHA1

    0bd1839d075a30605bace0a43f88047d77c3f371

    SHA256

    26cc5e4c1481d78a5bac089b6a9e0d67ecc0094134fd2d0fe3e258500b2b3e9d

    SHA512

    7a7cc2d834a8b69a6da2262f47b0d8aa9e33eafbda73f23e4b9512f031e5368771b63db1f4c2627412c3d5b60081f6e5258cf27cc8c3e7f592553ebda2736e71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94d3087e6a3c9759f0676554c2ab4da2

    SHA1

    77883d1433b46b0f0abc64a7c5129030426e485f

    SHA256

    15041d631e35a5be0691bcc283a52342c61510105ed83f2fad6b2a7cf8e881bf

    SHA512

    9fe10b5d6c04086cdd84c20a8d3c24f9dc3ad52e6a1392bb6609cbc8d5cc910fcdf3dfeba8110d40b8dd8903c61acdc12a9d97feaeb654e4c4874bc7dcccbd2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d10706252fd5fec7e99506b2931506f5

    SHA1

    2fa415ac9c900deb898dfe80a5da18c0cbc92991

    SHA256

    eb5b19ece081ebac991daebfead9fba30611a440bcebdec225743a3743ea3ca6

    SHA512

    ecdbb69a7b021ee79014e8240f24161f945fd1af186623987c84cbf20443d00a4ef8e325299dfd90750f5aab70be8bc8a352cffbfe41b03fd6486a928ca0e25d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72713573aaf58da12206acfd5548d19c

    SHA1

    39d25c8622dae84768ff80989407f4cec7e30ab0

    SHA256

    630b4d013f809c4e5af0ec4ac798193cd1cd7997a42f390fa26a225c2a06ee45

    SHA512

    544e7270081f5424806ea339ab7441cee8563b1666206a6811c48316e0950b7d7725f721d7aaf5f76c33e70000b7209a059874f0293bbc4304f28d2cfd521f19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    210b8c88b171990fbc8eae59a00b9578

    SHA1

    1950c04aca3b6fe6dde1d91e6b9734c16306220d

    SHA256

    4725c607a8334df9c7233999e23eedf03f1cd758a301786eda0fa79d172a9be1

    SHA512

    9fe00f2cd036aa97271bc1f3ff878aaded7a1382d0478965c809bdda8544ff858404105d27fec67cf21e936dd854abd8af75542ad7b4358b69ce7d532c42e5ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33d56e99ae41021433d304eadca92aa8

    SHA1

    10cbadb0d9064d9bd3997f7c71ab2c410a15624c

    SHA256

    c505403914a339d88aef35fd9e9389d16e7c6efb25d2940d51f048ef92f8425a

    SHA512

    b3b8e757e83fb2fc3cd6b74abbb79b511570d3dd70fd6ab6b455403f1722b3e5e85ff2d116226de13b2379e74983b368a9436ee9b3b991a5db0bc272a552756a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e10dbb00e531b4ce3b9ecb9d1061ebd8

    SHA1

    aa6b585d19a11bf0f46f48eb5d8bd1a5e247cb66

    SHA256

    4f0da62d94215751581f9e3dc5a614709477b6f884168cdbc4e286bb8c61b9b8

    SHA512

    7640e5b41be6d3c7a8f3866f458d6f7425adb9f7e81430a4d7dd81f6b8bebaafe2efa4d5e534da919ed1009a8452daf671b453a18705ca5c9ab43f10df292ff0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef104ac115d2d25ca53246d2d587f9fb

    SHA1

    8c66de67dfa3ab9b25804333425a4aa68d7adfc0

    SHA256

    a0f23fc70a39295224ee6e0c3d9ce15bf5e8ce67ccb0cb03e68df941f065fe5b

    SHA512

    06d1153690b548ff9f1278aa8daabdf2098ae56d251f1c141490bcd00f8f032b26020bd779d8445af8232ff136ff85e50c3c05b716aecd0f51b09b98fb816903

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8f6f03ccb97d9da2f25e7ccfcf9ca95

    SHA1

    20ae4654463a4a46873796c7ddc3825830478d5a

    SHA256

    393cf2d1b21070f28f7d95ad614b0895d42e6fc442b20b5865161c8a2e949a4e

    SHA512

    d97b7ea174ce38fc70df0cd0251ca5044c8854472c407a344d40dd5d4217a13e0b53b7acc7b1ad550c7fef4fe2590724161fbe2e2a1d295f4650681475e2861b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3a9dccb0913f88e035e9773567ea627

    SHA1

    14712b684be2293a7b8d63979c12824c17b666eb

    SHA256

    121a20b51fb5bd688f0164a32a05ed0a71693f47f0b742da542aa7e702f90035

    SHA512

    d0f69b61d469ec8c6607e0ac9932707b810e5366ee04b34fb710845e659286ab38f7bf2eda3ce61b1d96aa5bed790a54579b289c0fb43e694786598958e2c797

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    427f27ca4968298ffbc959987757de23

    SHA1

    f8a04e6b5b81b0440cc61bd4e90c05cc121b2f84

    SHA256

    52db10d7b648f63722cd44704849d63dd0c73ba33e4bec675e699d669d6accff

    SHA512

    c53578c9bcc8b9ff27f9f502b5a0d91788150b84ca6ee34e609421b561b4dd09d989774468bd2f49c8e2258339e011b9e1bdcd3ab1c7635ff2dda2b23abb62b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df7831e3a0331345bf8b9a34514b564e

    SHA1

    0ab647c7a9e97bf068c4dbcc32127bca104b1d02

    SHA256

    04ea3683b87e11eb43201fdca628425f8cb54a54caa8281de077093e4c09c47c

    SHA512

    9e149b2fe9d900c06185e4786e207824a7d13a82bcaafa98621cd6829bff33139b27e28f3ca517f6d017cd4691a7a57d9f37525a25a2b48c5e1b32b6aaca5475

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f78998b97e565e02ac49c10fdb2a9e2

    SHA1

    c237b0a78afb4006a2f5da6f2d7a837cfd1327f2

    SHA256

    de26a5abfadf8bdb9a49c217b4c0e9b6aad988686d9745feec0840256640f339

    SHA512

    d16a39a4161591c2a88bd894bd59c9de77ef9a1ffe975ea4f7c05a5cc86cb7cac7fca8972b34037a8d80ec88eb6b1c6addbe5dea0fb0a2a7fc6553b5df9e2c92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9e1a985b84b74b72e3a65daef7313783

    SHA1

    f7cf309087ed8e4775941111be2233bacecc7d8e

    SHA256

    c44760ef457b9f3a378f714555d9de5a10453131ce927408977daf38f7a83b92

    SHA512

    a2b4a959f7cbc9eba3ac704611e01f7518eeae2259e2c9839eab78ae341c0c58603c7b8a7271459f3b0b3ae690d219fc666f0ce1ad53eb68687665062b34e709

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30a2fe81b5a37c092063e866589d0455

    SHA1

    fea71bc67d1f3f147b109ce2a914661ab0fc73ca

    SHA256

    f8cafd47044b55c377de1ad8335703757b6fb54bf3465f316e6d48eac3208216

    SHA512

    60c8bc92c62c2fb303e2bda2ebf5705b3be094aa8d9c37619ab1207e44e8e9d54676952039ce56d83c33244f465c327fad0c1014a411b1c14751e1e516379580

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12f62a0126de4ed3c0dad2fc4d30cb8b

    SHA1

    5976ab615dc9eb92d40b5ab2090cd1a1c3b8d70c

    SHA256

    22c1df83172a1b199c427246a9a36097f94c50ff95e84603b72aa6e402ed2094

    SHA512

    7668c3f694174c304b1b68811b9b55a60273d3f153f9cd94ca6d962daf8d04f0b0f3baa567bc5d42b156adf745fd3f9652a5d51d62045c34ed8df61679b8b0fc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4AAA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4B39.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2996-6-0x0000000000400000-0x00000000005ED000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2996-0-0x0000000000400000-0x00000000005ED000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2996-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2996-3-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2996-4-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3004-11-0x0000000000400000-0x00000000005ED000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3004-5-0x0000000000400000-0x00000000005ED000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3004-8-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3004-13-0x0000000000400000-0x00000000005ED000-memory.dmp

    Filesize

    1.9MB

    Download