Overview

overview

10

Static

static

3

222aab248a...72.exe

windows7-x64

10

222aab248a...72.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    99s
  • max time network
    102s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    14-11-2024 04:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    222aab248a00db50805c845e4f61f44ec2913180fd1f05a35e236a2e89171d72.exe

  • Size

    1.8MB

  • MD5

    12d30586991294cb21fe0c9ca0aee06a

  • SHA1

    98bcd1310a594d166403e3ce669f625d7307d9f1

  • SHA256

    222aab248a00db50805c845e4f61f44ec2913180fd1f05a35e236a2e89171d72

  • SHA512

    5e1aec34c8e805f5277311b8dcd1d8a4560cdfdbea16cefb6a9033b99abcd4abe7809cf9f2d16e70725a729fdb041770da8640420bc8491efdbe4896e2192a5c

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09SOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1+xJIiW0MbQxA

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\222aab248a00db50805c845e4f61f44ec2913180fd1f05a35e236a2e89171d72.exe
    "C:\Users\Admin\AppData\Local\Temp\222aab248a00db50805c845e4f61f44ec2913180fd1f05a35e236a2e89171d72.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Users\Admin\AppData\Local\Temp\222aab248a00db50805c845e4f61f44ec2913180fd1f05a35e236a2e89171d72.exe
      "C:\Users\Admin\AppData\Local\Temp\222aab248a00db50805c845e4f61f44ec2913180fd1f05a35e236a2e89171d72.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2056
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2936
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    587ae9b532316cd223675a6fc062d56a

    SHA1

    1178958c742680a124adb20f8dfaa8d3202e57cf

    SHA256

    16689ee53a730ea7039ccf988a3edd83cc6e8eb58219e3868927753f1d7e9c12

    SHA512

    8abccd8a7a531d4b2f09a0589827db5c47506fc18e6dbbbcefd82028136e87aac1f44f344fc826ce2069d8b32661dffeabde149fa03cfbc5923d611cc45ce7c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bf92a1a959e447a7db56ba868952127

    SHA1

    b02111083075539454254a760a2f2de15951267e

    SHA256

    137415a233b0bedff18117c721bfe001efa66098bb5a312fe5c960a946299761

    SHA512

    e2fdc72a7b9db19acbddab25ab3ac58abdad231a8622be9487b63b34632664e9fd443af4282634821ad67a3cf1b916ade9533d73e4aeb7a6e138af47c770ff38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c924e4dd38f23d6f8020a3ea32da39a

    SHA1

    bba243b1f060fb812b244f41ebcb5ea8a454fdde

    SHA256

    3545c33e0ca48503bbac6049048464b8e4a3f6449ed62b383444ba5832a50f4e

    SHA512

    f29394e4f684f22c17b9bd3f0fbd6f9bfc3837148fa4f9cc179a47c7e00e4e01d43ace843d16df3c32cd88d1806cfd7db73e24a114bb8419b4e79427fda6cd4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48358bdad07580db7b5e75c7fe25561b

    SHA1

    f14c4c49e7343dabe005aa7dbd312ba41fb5e5b3

    SHA256

    ee70dd8fd158e191c13435ada0f71ccd6298cd782e47b2f3411c2a16cf408123

    SHA512

    65ef978dc9c1903407c3ea191e646342ca6c58bac16253a7cecd327c33bbb1a095d477b8e03991ffbdf720bf1b7133faf4eb33f0a09868c4a440309f86547164

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b8968e26577341110fb45007f48cf96

    SHA1

    1606c79c134228b1b34363b8746a844f06478686

    SHA256

    b4299704b9debecd866cd6e35c864ee5835eca31d273b7801b706f375af10b97

    SHA512

    70b9e3040e433f828cf2a698dad9ac24bfd4a0cd7feee241e3b020e9b4af942342240005de2fdf12ab4ae70b129e6fd173d896d32ee711c26be2b89daf10b523

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1459b4825cd3b1dbb3d323daf8e7a02

    SHA1

    04125ee82b80a9f69eb95da79186df06eb7de48c

    SHA256

    4cfed1c1328fa570aa3227c58557e9166dc59d2cb007839889449a65005135e3

    SHA512

    37875afb588db6be637a058c1db09151e38266b388dcdf4c43f59cb5ead09b68676ca5dc1e7b18a2e1235325781b54772ec01548026379083a231123f4c676fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27ccdcc12bb94f5c7972b9791db9b672

    SHA1

    5a64fab640a0b3ad1bb2949d40e7b0fd45ec5472

    SHA256

    48ec323ca249ab206e7a850a289b50c35e7418c801d451d99f519dea1f864491

    SHA512

    edb8738a447597deaab494fc9736c3405264cc76d5f5fc987ca573b5e935a15b7e774fe23375958e37095ec1e5f2be16ed9de985bf2b59d6cf81d26329686605

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfadc15509bcf319d29dd724e1666fa7

    SHA1

    9f7daba05a561f417a5ef897f47a9ec991d7927a

    SHA256

    f2538d1e66337b297264dca0e7e4abd5c01375a60ed089ac0e7c4c4307399ae4

    SHA512

    a8a52eabfa6b781f5c7b05875106726005de276510e402d653fd849c88cee4b2190481aa096c95a6dd7810e2fdbad7eedb9d7008166fea97fd61431ba5a41337

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8017c71236fb3f12a23d8cf5278d4fbd

    SHA1

    20b49f2f6fec99a00e6f5cd6e4323bbf7ca1d8fb

    SHA256

    7da6ed962ba6ffe8b0bc46e4cecab7db5fb473be9cf246763e7efee95aee27c6

    SHA512

    fe8c2e94b930a714c27b7032b88b81929427060bc7dde43600602047623bef1c63c31520899789b4e2e74288de2d756c1179f28c5ccd2fd1fb25ff6ba4802d4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dab7ae81efa090a4c780e639137b0d37

    SHA1

    cafac7c8a84154336152efe855958e2acec4a14c

    SHA256

    5f9fe286f231da5be70088da2cf49ed858760b6d0c35418b4f034e3fdcb015af

    SHA512

    0265d5d66a380c0441ddd38a56e20a2aa8d8e576c5cbd3e3a7ef5fe2077be583c6dc9fa37b11f1d51bd6c55c9ed443d727f03f15b7c7b30f52ee7b1fbc18a109

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6d44392ee21b03adb24fffeddb836c2

    SHA1

    6c2286a0a7cbe04f307ad492a7b2201f51aa5250

    SHA256

    e92e5212d058aeffb9544497a6bed30b840c8e789b503391008fcd30d8ac3879

    SHA512

    09fc85560c0e94e433a890ee5be3142f3021af8bfd03d2263d253ba683ab613f906a34c03e20186d90377dbc1cb72bc6d2eb18febd435968beefdf8734a65a34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd32a243c1bc723c808d5b614c7603d7

    SHA1

    b5c07d8d335cd7fa7caa9fe709d8bbc7e57df047

    SHA256

    7045d6baa09acf0538e12334ba5fbed11c5b90cb5df52a5d3362c20e68776684

    SHA512

    019c502dde38b7c6496669c8c49ba8ec5028e527422bd85a275a80ceadf484b1ee2c7502ab149dc7f002bd1579b1cbb3bd25f1ae4255025eb3077389457aad4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40cac66589c4547410812a1a342c7d2f

    SHA1

    1da7d0b8f700dd9843bada9709b54606c9163e15

    SHA256

    e7d36da30f2d97e7cdd3df536da03a6171d31976adde8270306ad8832c7feaae

    SHA512

    f79756d79398eb621813cc7cc8cca2da58f5ae92f1d85b00fe25ee502a13f22d1a381878213a8fd9c4186460e7d4ff3ead919714b8b1029d3ba143401c8edc16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92a0f236e33d52eab8f447ef04965c78

    SHA1

    fed4701ee9f6bf10306cebf9244a4dba3d8724d3

    SHA256

    8e70fd165c08281472807767d25f0a5dcfdafc222ba552d44fb6fd3a27b51f89

    SHA512

    de99ce47aed9452937fa94c7f3c7abf0c3df1db56d9c2ee87138c7fae71e8c6ee589ac44a579ed4dd8470a46ba9eddf9d0348847b9a75a9c5e351094a1b44d9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d15baa37f136004177ce0f765f6f7d94

    SHA1

    5ea985fb8db33c6854a13a29bdcf82f4eb3e32bc

    SHA256

    db893e22620aae91e6153a8028daedaf90f8c028ff1a4325a5dec0eb2a8cd93a

    SHA512

    fbee8eff37b31ee8288f5d53e53bb1cbc407ed5f518ffe5d03a4a8df108de70c489ff9f120493af697bbc3b01488f3a3a8b3b469174714484e98b86b80b4d87f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f23dd55f2555f20e84afada2f68e4a6

    SHA1

    41dd49a4ac93cc8ff99efebf7f7bd5cdd4b1f4d7

    SHA256

    002b0537d019459c77df35bbc90cbe5dfad7013b1b7e3d5659e9ceb9be13f935

    SHA512

    729ec907a3b36395d3f6da758a7af6933d214fef6bd4cc31bed26d728a42b2688d58a15332068f89ac09c9dbfcd19e6742db539b85be915ff71a039e07536750

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82c8ec7fb958281a194bee1db66fb1e4

    SHA1

    524f91492eec032262cebd6dffb0e9aad89abdb0

    SHA256

    373e4cf769bc12283b0afcc65023efc3f83ba2db1f66eadc35a7e04e095d3417

    SHA512

    824a85183c743d0c6acc0acfc5190f4248b0a9b6a06865b5baa2b4ab2ab8e80447e8edf8d30cdc7ec9a7834b7dee870e410230396307e19e9fec8109a45b89e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1fe984a261322809b2ab1218018eee79

    SHA1

    30cd714ee3de1ef4bb71fe22eae95b8b5db04802

    SHA256

    3e9370f8b868337e883d29fdb1f004d159f767f2e4a54eb5710c57c95fc0bb8d

    SHA512

    c7706f2dbf3796fc50fa746c16c4f69ba76473a1005467ad95ac801e4a2243a0d7c8877736cca92c9fafd8681a02120bd80a6494a11319b03f4a44d5de387640

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0dcc6581f53e83f174669d3747dde1ca

    SHA1

    68dd9ea052c03a4aab4674b3cce133eb4690179b

    SHA256

    87184b8f68d0be44153d31b0360d34d895b3034c1a616bad7c76cf15121b8cca

    SHA512

    853321dfc132f2c30e2a42c3b0e05cc8e0d00e279ba9c55b86029e75ca2cbd603729775d29d6c0481743d16a48e870df71d67e552d0fb24702b74488bc173075

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8F18.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9035.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2056-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2056-6-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2056-10-0x0000000000330000-0x0000000000331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2056-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2056-13-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2600-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2600-2-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2600-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2600-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download