Overview

overview

10

Static

static

3

f838b170ce...33.exe

windows7-x64

10

f838b170ce...33.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12-11-2024 09:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f838b170ceb59596c45529dbdcdd9c370fc9a5430e8f21f83731ae56255cf933.exe

  • Size

    1.8MB

  • MD5

    b4efdcd2b87939900c9fb49ca7fc9ecd

  • SHA1

    b3aff469499747c3b7a56584f64966f8215ff047

  • SHA256

    f838b170ceb59596c45529dbdcdd9c370fc9a5430e8f21f83731ae56255cf933

  • SHA512

    b0d87680300dbeeda70733496457ae6e1f82430f1aadc11d7948133847568a5eba15dea4e4d067339012fc9bd6c446be8bfecd0ec6b83ba34ce2736f33aa772f

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09SOGi9JbBodjwC/hR:/3d5ZQ1qxJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f838b170ceb59596c45529dbdcdd9c370fc9a5430e8f21f83731ae56255cf933.exe
    "C:\Users\Admin\AppData\Local\Temp\f838b170ceb59596c45529dbdcdd9c370fc9a5430e8f21f83731ae56255cf933.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Users\Admin\AppData\Local\Temp\f838b170ceb59596c45529dbdcdd9c370fc9a5430e8f21f83731ae56255cf933.exe
      "C:\Users\Admin\AppData\Local\Temp\f838b170ceb59596c45529dbdcdd9c370fc9a5430e8f21f83731ae56255cf933.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2824
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2768
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef1231a16805ae68ae6cbd88dae7e0d1

    SHA1

    743a4dd58924a0cf7644c737538c5b733a1529ae

    SHA256

    ad30dbb5ea2c267ccd08670b4b0bdf0a0b6f6831f3ce08e989d6c0de3838c941

    SHA512

    6e3d1737a4054e29608cc5d78064395119a9a7ff018137301b4fd98ac871af34d08b755a2b1791f5f4711ebec9c468f368a0e75df5c7ddae000e704c057d0399

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    539dbdad8cdce7de912c5183da02aa74

    SHA1

    b53d6b55b0cf28a116fa0fc0d28f1d9aa69909ab

    SHA256

    3571839f021dc130d6ce874dd7be8bded087e5d67797153c6cbde3667dd3636c

    SHA512

    298c6c800ba01bec24112e0f8fc7e69910986ee66dd339e41ad09b5863e7110b85f5fd504a1e23674ec787e71d95d1121a61c96bcfcbcbb0af6cbc2f75bde406

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e34ef2392561adf8f2fe9152e00f1c5a

    SHA1

    ded10d05e23ccaab513157265ec427c728f54c2d

    SHA256

    52e2287f230c741488051ef538c3d6b06c73e290f5d9e633ea36c6f16bdb2b33

    SHA512

    4573f395f21bfe0ef8999e6d2ef286b6a98efe1edf296299c75c3b3d9bea000690fe8ac0d94be354b647280386c46be529c1143b987c8fb3cf2be5f1dc394624

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    848670201b8405f33fe5ec6de617ccc8

    SHA1

    bfaa08bafa45fd2eb5a1d7636b3f4e1f5f280407

    SHA256

    6b35a6a716054020103c94af0fdefa43bdc52fac900247aaac25a5d5dae26ab5

    SHA512

    ad4e6afe6900cc53975db0d66135b40d8488b726f2a93dc7f07d482687ddb5e207913cd9b76a6bb6a3b711162dc9ed77be5189cd39514790ba901d82bf27031d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21d17861d391eb48718dc3e500930834

    SHA1

    cafd659159b88b7772cb6b5b8b482f3d4df1592b

    SHA256

    a53c310fb91411e33702a42cc39f87fd9abb8c9214f41bbb948d13c1df357f77

    SHA512

    8f7e22a2e9a69fccebf02072072b43a1e9eb5b940a5c35936129ba0bd9d29beb993ef37f2a1b797ec76af3d9109c8d77af87a9727fddf16f64a8342aa25aa7dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87e65b42dbff881ceb6e0d6d445b75b5

    SHA1

    7e24d67005ed413becc51f44ac512a992b587f1a

    SHA256

    4a41ed304d2b57db212e718be4106f1dfa8f13cabfd6d7cf49def40f0a8ebe79

    SHA512

    454570d00891f1b7ee8e70be9b2f2d9e127f1c0178f6cc378a1b731ebbb1396d2031de075369170131e198d2aad7b579df79fa6295b1fb12ecf016db75501e2f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af751986ee26197ed27d9b9da97fc113

    SHA1

    5ba685159b9cf24a5462f3fdf9e8dff248e4d3ba

    SHA256

    868784366b97a997e4066e5cf17aa0ca0b1d637bc62666d6f686b053a77c2126

    SHA512

    18ff06f8a63a2fd60a9af4492d9321a4324a894d38a65178be5b239d8be87415e2b8456bd299bdd3f951b2e58f9807fff3635c86b370e39e857bf446dafbc455

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42d36e87617b83f942050bbd2c495b42

    SHA1

    72ae8d0c6d146000206cedb0dba512cd727bb6d1

    SHA256

    ad372b6c1d02609078f25f69f71618d300c1bc9a2609223b4b59de3b87a7ce7f

    SHA512

    d1420f0d23d55e005446a13f339c5e7b89480578426b488e2463a334f110f1fc9aedbb6ed8c9bac8f365d873510c3496249f549bd0d1c8a7c0c013232b9de8c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34d7f2ed068386ebc168d351dddd6c75

    SHA1

    8033362f4d734e8fc590c74cf454a9650811cbcc

    SHA256

    ad3e36c749feee5fad00ccfc8d71613a686930cea8e29148cebf82eee94c2786

    SHA512

    8cc1b1df1e4625b0402dcee6ffe861110c7ce830a377d0bb903d4a04f49c4700da1e39da39a7b9d30066f42a7abd830caf9bb7c378a26c744f9193ab1a392940

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a52bc5ccae7372d493975676a9e08d6b

    SHA1

    f97bab601b60b3ee6aa3a93059bfb002892e8234

    SHA256

    89c4904ea70e3516be20ed19909f58f4e2a27d7410337193083b0926b8b1cdfe

    SHA512

    150e077f795ab5892e7e3b33cca00bdcc11c6e6c5d486dfe603b38f610af09c26ad824c79b64f09d161e86b5acd6f6ae5e094100eec5643d4a3ac6f8cb626144

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17890bf7a87c257f614a534bf4e123d4

    SHA1

    00bf746ba21ee0ecd1190df7210d4819d3a7cd1f

    SHA256

    f6baad6f1a93e2f5d9c36e1a8b81edc6b64e1fd013918d8af0495ed645a6eb0a

    SHA512

    f63b7a12fa313035555ccd3dea05d33440af6d2b94c54bb27636a8824bc9b3acaa83fa36f932c784aecf0134fc28982cad34377495a38e927596c94af7cefe9b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF9BD.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF9D0.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2792-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2792-2-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2824-6-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2824-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2824-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download