Overview

overview

10

Static

static

3

14fd04c89a...a3.exe

windows7-x64

10

14fd04c89a...a3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    08/11/2024, 03:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14fd04c89a1dac167da96424cb66e3cac83847c6402195c99b1e4033ebb328a3.exe

  • Size

    1.8MB

  • MD5

    7f21f9125a9b770bbe0ea655df48b9c6

  • SHA1

    891f3eaebeecde299a69498ac51284c972aa7f66

  • SHA256

    14fd04c89a1dac167da96424cb66e3cac83847c6402195c99b1e4033ebb328a3

  • SHA512

    df528f213259c95623d0061cc2efd0f8e54659c64a471e5314f06217a0b6d9772a6410d5005df07e51cd3b0586c88933aebf051bf4125356ccc40dba684bf07f

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09iOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1SxJIiW0MbQxA

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14fd04c89a1dac167da96424cb66e3cac83847c6402195c99b1e4033ebb328a3.exe
    "C:\Users\Admin\AppData\Local\Temp\14fd04c89a1dac167da96424cb66e3cac83847c6402195c99b1e4033ebb328a3.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1028
    • C:\Users\Admin\AppData\Local\Temp\14fd04c89a1dac167da96424cb66e3cac83847c6402195c99b1e4033ebb328a3.exe
      "C:\Users\Admin\AppData\Local\Temp\14fd04c89a1dac167da96424cb66e3cac83847c6402195c99b1e4033ebb328a3.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2028
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2884
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2928

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dae5575d75a37d6011f49776a9ba8203

    SHA1

    0a63d46919609b9aebae4ae764753fca533aa756

    SHA256

    c718afc2c7c908bdb567b82ae5a727f04d802de6770fe8516d8196bc8a99f846

    SHA512

    35d5ab22436a6c9a0cfffb8b918a5688ad1e9161ee608f7bf65c4407eb9a63ad12a90a950a7ef36a317222ab8d7487c5a7de85b7a8f40421824b1e78b9d6fdae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    256c03cf73c0cf6812911b05eb464be2

    SHA1

    a2e6fb88640bd356f55fe767824257a303496847

    SHA256

    aa97cf42096c20697165e681e159272ac87dcbc823d301ccd1e4ac91c66c0307

    SHA512

    db0d8477fecca6dae0d72ff235f54f1cb07591e9583bd4c1cba253fafa02812ddc39ad66c4f31059be9993580068a2d4b4b5575059ba6f03f5858762c024c017

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2aca608b5e6ccb71939408c65fafdb66

    SHA1

    678a418001a5b6ae7bdf4dce2c226152a57db19f

    SHA256

    49dda7ed3bfded211ba8781adb043ef6dc5c22a236134ad7e4ac25b115819049

    SHA512

    7b133294166ef555da432697f1b4c90a2b1c0c1fd6f610ba54165835a911a13d5e9301ae1490c2bf657d9843a50c3a8d69609610341aa11a20a1808f10ddbdf5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    292d730582db7c2d17808fbe12fa6968

    SHA1

    8fb0be1f5762f0fb5bebd6aa0178b205fd4dae2b

    SHA256

    2e61eb434367eac21e23c4ac1c19dd99bb87b7bbe755a081eca557d2edb22a20

    SHA512

    d8bec9a67c53b1cc22008bde189c9f32a1874dbd6791a6a6e13d89ab13bb06fc0ca79741d65eab21295c60e200608b46eb857fefe2bbffa286032f7c7bbd8306

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a7e7d81c883e5b012699f3d1891a2cf

    SHA1

    d068d242e3cb5a22847e4302e80b7eca196015aa

    SHA256

    23bd83ea4c6043d90636df8fa410313a386a6c24e712ea6bb25ce21465e2eacc

    SHA512

    0b57a63e762b6206de0a0b4cbe715551be8091c38bfbe345d08600a64a42ca7ecc14980eeed94a29bf28558717ad30445fbace9b010945951d83b8e01ac59dcc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    626c7f3308b87adc95a79e0f4db86905

    SHA1

    f02cfca4d9941776c8d77c748d1825e05e750449

    SHA256

    81989cbc3525312a4b628e72c661ddd07e9afa6e7436eb2253bf55670223f731

    SHA512

    328e73fee4c6476f8f1215fa642f9e2b041ec631027590324b0752aa75f8b09114e293af4b19c69ba4b6632d62e37f35c23bc41a04c6613d3311b0e3c06a2917

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21c88220ea47edc16e84014e9d22db0e

    SHA1

    9e656df6abcd4fb24df90a2bd301c2a6be0900a1

    SHA256

    c2c72f199a7248c184d3c8944f42dbf89c444e7c04dddc67c1827c2789ccd1e5

    SHA512

    7925a597b6c4ea957799cae138b3f8df1ba58babb5f426646a9835fbdfb0a2d9f2c56956fa081f6eff5d10aa1049affeb7e8de3434f18b3a83e71917a7516db6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab3f9045e1b2a166f7b775fd760f8ffd

    SHA1

    620b204ae634d2924188de367adaa2e5a1a768b3

    SHA256

    8bb1baf8811df71ed698090e2f3b080f5b41d20c665af67800c7c1e04c9b1bcb

    SHA512

    6164921eef3f453e55323aa94b70928ee88e230e8d87b37637ae972bf0a0967e0ac1cefb566507f77e75df04d6dc9c3a366edabfd589316e19bee6eb0a38edc3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d58ded0351a7f70bc128b6ed1978a3a

    SHA1

    c3055f6a5d60380f359b4b94c042687912a87481

    SHA256

    aacaaf541964f0395d1323eb6b64c7d5485d0e70d7d2f8ed5fc05b53e8d64044

    SHA512

    ae7fa4464c0a9be9cc045df6902efe4c5e7b5f92af46578da09f592d57205d05723804cdc55e122705ae621e67ae7ca034bf375fcbb26df7fc0c371c34118117

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25ada9e628720e4510779d71c8c01be9

    SHA1

    04c6bfeb7957dea2e8d7e1017391d81744169d64

    SHA256

    f80bfe03d7b6db97d9cf8bae916bd8e73f43322951c12d33935f6322e79a9f45

    SHA512

    ed9bf817906b03b77caa86f629bb015e9c5bf94e73cb06ea2cea31eccccae0bf4d79c5f11a18641c9636287eeda91372682729c0ac9d98c7df853962be1becd4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    98005a78a5440b824a49a2e86ae312a7

    SHA1

    8d7893499a3ebaf78f97359cd75cbc91ae2daf97

    SHA256

    c292fe77fcf0c3f1392bba669e29b8d3c09b6581dde8f9c0967bb3511def5f12

    SHA512

    ee0ba168b621efd01da1deb9acb3a7731bd97b29673bd199cedc073c138ea9e790b9b3856a15d4e66e3949db4120e3e1c3ce555845c86a74ae8ecaf1a09521d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a96e2c3995201b2ed3d40ffefe77ca6

    SHA1

    1d2f198900211ab3a96e15deb2e4ddb17a7a9651

    SHA256

    b02d2a1db50bf3c90266ab5b78eae84691b528584391b9da492c6550349366b9

    SHA512

    4276c961b3d597d1338e2248d84b0af34efcfe370704df9167abd359beaf560f9c863d8375c99804d75b8b0f345374ed9d5490dbbe65ee8c72559aad6d66bee5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9037984c4644e99029378d4297019677

    SHA1

    7bb37ec1c043508f3814f1b673d313bfd8cae793

    SHA256

    39c2c47f8830661db539c94b7ee3cb71fb078d3ed24068a591508acccf8aee50

    SHA512

    948806e3679b8473bc74a3a3ad60ff4012ac047d019a4788f2cb38dee7ad05fd01cbaafa723bc3ba7f42426621926c10f3be72854b64434a5247788a38384c6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b390cfc75468ffdade850b010dac274

    SHA1

    b0547a4e839fae6075e0a9546b486173f7712de4

    SHA256

    e0dd79854840ca4db1143bd41c478687ca8167f5b1e704b31d62328221270368

    SHA512

    1b86ad8a2317889663c63aa9c82c42f1e0d2d88509eabb1f844acdd5321fa622500221042b33a71d1c2e74d729ed984fdcd539085aac32ce5e0505ff72574344

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23b222e63406b8555ab2ec960c99ea53

    SHA1

    80e3526de18fb3defc7059e6686a8d6b027fd337

    SHA256

    ccee92879d87f270671efb1b9e063c123154616b135c97727fe6e0c61724defb

    SHA512

    ab9e49f7a2dd0a0f7130e018e7caecfe3378f5392db06e102da4380e72a392046ca9f1d49879996f177c9aa70a303c66cb49bc0008005c761ffd4b750155886c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37b37b41963cd9ce2c14c9d78231c610

    SHA1

    1d5bcfd05ed27a97a35fb6d03a674bcbc8cb4818

    SHA256

    9499a1d2ae71d5e66677309bc97d958609597279f5f10418da9a996e981d4375

    SHA512

    13f1cf7b6f781720b0b4335084ea517d7ca4a4b2eff7a9e9a1819e23022ff778a4a2053a950b21c6b9f7c184ef76cc2ebbe1053e9990f457e7c42d0ca39f5f23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b472b91ba507e4acbc66c7553e081518

    SHA1

    864814d79c65abf96c78fdd9fb461eaf48fffea9

    SHA256

    e833da8ff920a9a097c4426ab3a4566809e7af818c420b0c2523b2b5a61c9098

    SHA512

    9432d9cb70a87bde0777a0e81602af396537439a094324ebc70ca7ba4a52aaec04f9645b58ea5f06802c74bec755b7ab7064f8754ae539dee8a096506de2c41d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77b89a0412539530e568c418663bbc44

    SHA1

    ef6df5b8fed32e572e11adf4b7c62bf35383d57c

    SHA256

    2333f72a8ca587cd7b04bc69bb19cb6dd5745ce8ecb0000bc5d4272751240296

    SHA512

    cd3d985f1f021113479ee6bae26caab7425bcd98f186d66718487bc49cbf6ca055338a1874d821358f5ff13797cba92b264ae21fb08caadc7cf4c7dd993d0324

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29abce494798e83cbd58e352e6e18a6a

    SHA1

    7bb356c33bcf2e6958285304bdc151bf80dbf431

    SHA256

    7de654db98a5db479f0d1064dba49da0c2ece33bf4a2a4522d7a6de1e5c4e389

    SHA512

    e3f7f7dc4bc2b8b3e17f24d5e424941cb5b81515c102136fcbab21f31308c337bdfdf54cabddfe65474ad3a4e94326900b8b2126ae70acaec258592c3f04a6a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80d58b31152a45b971fca23968c0e1a0

    SHA1

    426fb761e26a9323f673f1c9086ad4c9f530db25

    SHA256

    542e3a13d3bc35365c6d767d48cd86f38a531c126cbec601badef41730f54765

    SHA512

    d151629e7256c88175d635cb54e390c28e3ab36febbcb95838b451302ab96969886f9ae02d55d25f49477a373141cbb7cca4e8dd7ca180c392aa4f12bffa9597

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD684.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD733.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1028-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1028-2-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1028-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1028-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2028-6-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2028-9-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2028-10-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2028-12-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download