Overview

overview

10

Static

static

7

7915d21ad3...1a.exe

windows7-x64

10

7915d21ad3...1a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    09/11/2024, 20:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7915d21ad3cdbea4f56e4fbe8455583bdbc78113072931efb4d9f42de6efd61a.exe

  • Size

    692KB

  • MD5

    76d2dbf61c92d238f4795050a92e3ff5

  • SHA1

    e94eea3aa37c54e4a04bf8646b21c2f54a6ea4cd

  • SHA256

    7915d21ad3cdbea4f56e4fbe8455583bdbc78113072931efb4d9f42de6efd61a

  • SHA512

    0da3a32a856e7c22fa031e5bf1ade78177d2b1c7854d9cbba163d4a74d7af22018db010d5b288ebda4a4ff1528e38b1448f5fddde85a6243ff89fbead45e0a84

  • SSDEEP

    12288:q6f13oK/cDVrSs0SYnI5M/i9gCJ1y0Vm1uIf59UcudQM9zU1Jok2fP4VD:q6ftojDBeSYnIO1CTywjGzh2

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7915d21ad3cdbea4f56e4fbe8455583bdbc78113072931efb4d9f42de6efd61a.exe
    "C:\Users\Admin\AppData\Local\Temp\7915d21ad3cdbea4f56e4fbe8455583bdbc78113072931efb4d9f42de6efd61a.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Users\Admin\AppData\Local\Temp\7915d21ad3cdbea4f56e4fbe8455583bdbc78113072931efb4d9f42de6efd61a.exe
      "C:\Users\Admin\AppData\Local\Temp\7915d21ad3cdbea4f56e4fbe8455583bdbc78113072931efb4d9f42de6efd61a.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2944
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1092
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1092 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1504

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b61cf37159c2d2cc57960d152bb2c036

    SHA1

    365eab360929f7918bc331f7821b2282650ed4df

    SHA256

    f5ac6a9eabefd084b31d5720c345ed7591b04e237d6f22d702a5a8119a48d6e8

    SHA512

    5c42629b54b381dcc14f4be523032f6e088df2d820e280cc9e52dce87a085e2ee17f311fb3f8d4de7410fc0b54919a96f739090e1f465ccdf1df2dd028bbf76c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de7346c09ad3ec82ceec64ae8f1ab4f0

    SHA1

    777c5e6699084233b93c2b1c54526450c9d95273

    SHA256

    4c433635a120a41cdd06b95837ba1f0fdf1308312cefab2435b588802b5d0c86

    SHA512

    f48717431c9591c801f1116c7b5a407d0d1e128f0eac7fe5da4c9d3587ec167dea691748d7c327f5e9c8239b37681441ce9f9b5c79da39b5cfa826c539eb9362

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f1cc292fa0ab7df01c304ea8c237123

    SHA1

    5391bc2875f9a530bd4cfbaac2f4d2668ee1627d

    SHA256

    1c39ecb2101aa9bd779260160e7cca8c2feb2d73717dda19d1fb60f5e90bac2f

    SHA512

    b94bcd20f3b97d8f0c473089ef0be33865c6e12119f8331d825cf09011a57f8578f2d8219d80ee5575896e2966e4e52a38696cafa3a8e75464458f6971ab766d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db307f672360b43510510967c5faf479

    SHA1

    a9b3bb498aa208b1fee5f814eae25b779f6ddf2a

    SHA256

    5b0d296cd60e2687b28aa60b2d1a60ad72ec1c35713bbd95260134182bf2cb9b

    SHA512

    2c4e4dfe6a25e3f2f5eec87cc9c4783500a9f3e110601dc0512d3983f6c506adc9b394b53eaf7c463a43e0006a2445c0c5845665acd6536e4506a039017c266c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac13934da6d63dcbf521c6c4ec69e52b

    SHA1

    626df31fed2161365e98055d80ae5be919ab4842

    SHA256

    2164c93fda7bba0119985bf2a3973a52fefe8c8d1352fcdf0e1f73e87eee94bc

    SHA512

    754fd151bdc55b703e4593c45c37c84375931d4b8a074ddcafcaebe1e3b961ace29d20d97ffb5c25013e3ae377a90a0b5ab0bf4c5ec545532a2eac127b92b039

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95bc694a3c83fb375f368f5a9e2b3016

    SHA1

    444975df62ea15d98b6db3c0e2c75ae90ed28ad1

    SHA256

    3aba53791b5b5cbc5b5e16c8d60b929df2365060bdaf35204b45c9740c468d75

    SHA512

    1419ac1942a42c801c4fd0db592c3d4a62a8844d458113008dad4cb48b0210da614880aa76095b62e1d493ce37ef6466f81992abe8366feb9040bc3898c60bf5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e20c0220976aff0e192a037240f38a8e

    SHA1

    a70b76801e1b7e947922c8dbb55941eda111d152

    SHA256

    077dbe25ea7b68a177bffd177cbbfe74da951ff4acdb486d407e42d4482a4af7

    SHA512

    bc85e15707e937b62345570c2ade1c1121172f91537895f6bcadcadeb0986222b2fe642b2c8f14dbfef9290ce2f5ae28c5618f55647924bf486223d45598f7b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4029e93869eb169bb6f5949dc23bc44

    SHA1

    a2c6720ce221b77f9301736b6b1110f9afd5ca18

    SHA256

    a4993c75e9f1d20863fa434bfa655b20a05ee1141b926c205ed5b3de533ba211

    SHA512

    84cc5e0c0db0372bb63b59c972948a4b86a0cfe99678743d695316e2600ffbe5598039e83c13fe63b15fd8836e1c14937db200a727c2e9d3966fe8b9136ff2ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2902f076962217a510b666cfea46f9fd

    SHA1

    0c3a8966eb5989ef1a88eed5e02c164ce56f1f3b

    SHA256

    d1985c9e80d2527f7dda0ebe2b39d25f9c23062234c67eb7e873cdf867d38d41

    SHA512

    6733e98a830474e55a1e3d384ab403893e8525a4efaff0f73790b7d3eb64b8df6cd869b809cd12fd701d8493038c3bae1dc7260c16b1483979dfa30bda01c557

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f9b8150c991c9aff9e1018a12cab67e9

    SHA1

    a5c2147c2ba11bd89740a5036d635bf2ded095e3

    SHA256

    397002d7ff4584e65d4d2e01a428348c25dadf8affa680f1827078c4600ac514

    SHA512

    329f628c7d40095aa5ca9ef98e68064a5ca994f02f67a014a5b84d5eaaf51177d9f9a2bae7e29db03132d58ec05d86f233d307464f1588d17d462fbc2c765943

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba6742d9b336a930965461070f9a7642

    SHA1

    f4843227a424cc22f9846127c34b5d3b8e7fa226

    SHA256

    73c004f40c8d518e12138a29bbdaf0a89bc8eb004fefbafac63068c879f0d1b5

    SHA512

    d95e6b3909efe0bb5cd0e6b4ebd1cf03560dcde2568abab58340b073e33c426be6c0c6ee011ce4f9264c07f9eb515476c52d2da2e1f6e720facd1d17d077c974

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3ef75a7564b36dcb591c9159d40c5b6

    SHA1

    d7c6bb43dc00cb4adc75b5276c617ab43d468d94

    SHA256

    89e9a1bc2fd3519e04071bf90b3bdad52524a36813c8813e45c0c49c3a0b6d6d

    SHA512

    ab02661e9bfb3ae27210f984d33a57db293789755b1cb31038a48d184fcc20d82df9e0d1a92fab5e0c5bde9916282fad04992270223e53384eab62394733a5fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6efc99600838a72ab7e3dae3903b0c68

    SHA1

    15e42aefb6138ab3e5839045f3259f6ee1a927e9

    SHA256

    ff21aae67dff60664eb33a4dbec8193da1b5a729b325b2c23b7aead718e5736d

    SHA512

    a2db7a1689a09c31d674ab5363e86f0d4abca1ee0aa2330334a856b4dbc1c0a39f5f85f2e304ff2131e27b98bd605e531787a80f29c9254a89c9832cee821b6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5bd267fd83fed02ed130c7fe91b1e54

    SHA1

    3ac4ec688a3b8ce5b7fde146a3de2db722c3a5e0

    SHA256

    d3d457f6fdef8345bf7fdfcc9442ad39443c91ee2ee947ed6e2d699e3eacde08

    SHA512

    1df897965a034c3bcf7ea192f94b2e7c954ecf828255fb0c7c19c67ea571894e734e0d3a8431d446e56bfe959a7e791fa9bd9316128b3b2cae7fda66a535c434

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14593c91f67e64632f42c365a85606a8

    SHA1

    843897962528af362d673302483c3127bcc21b30

    SHA256

    0bad04618f1defc5d45dbe0dccd8d9fc64544e89b2277fb131308eaa933cd98f

    SHA512

    5a16b14761cc440bb85f688913bc66f1be5506cdbaec44a14046113058af19e98b6fff4acc52c41632686a668f30027d53e070388712945f5d9675d74a82ed09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d64380cb07064109cdefb86098e1e67d

    SHA1

    b5d6a9832bce5a301f4f87bc88d1d14ee09f36bf

    SHA256

    33ed0f80b4b796b55fdd6441fee3ede9bf8abd0d3f334138da081d0e33f0eb70

    SHA512

    dff9e7a089ff59ce10de654867bbd67b42e5a85df34012fc0ec952e4741aa5b6e876fa40794c21aef24bb0a905d11721d76ea7d81bedad48091a8d800d9fb8e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7aef590e8999fca89e8ca40f1f3e8e57

    SHA1

    f06ffcc3cf8887dafeae13e1ba61d52a00ea1b6d

    SHA256

    f6e17d1ce3f2fc3563ca59f3702f15493af89661b62e22115af2c9ba5b320e5a

    SHA512

    1856550ddbce695fa3438ebbbaf2cc87949022ba943729e2e7b09cd07fee530640ac998588348fb9507ff296c7ccdbbf7dab7d09bd0d34037a9f93f7a820b51c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b786ebc990853e53c7e0d7bd31c1c36

    SHA1

    6e8e14a5665bcda7d88859329343bfee6dfea607

    SHA256

    73255d33125c0b5e766458ed562c2770906984905a4f2f2df4e616e759bbf0dd

    SHA512

    2b9dc87b570cf70bfad43f3ed8f5cb38614385f3b59d22391ab25d6101ac6d39a1ca4fe67ea19fbd943463ecfc960323276bb126afbfd72e022e03852e4cb757

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab94D1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9591.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2892-9-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2892-0-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2892-1-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2892-2-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2892-4-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2892-6-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2892-3-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2892-7-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2892-8-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2944-20-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2944-13-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2944-14-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2944-12-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2944-11-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2944-10-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2944-16-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2944-19-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2944-24-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2944-21-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2944-22-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download