Overview

overview

10

Static

static

3

9c060b04c0...8b.exe

windows7-x64

10

9c060b04c0...8b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    87s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    18-11-2024 19:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9c060b04c0c0d255e6b140b54d25f4162bb0130980be0b5e4bdd9ee1f731a88b.exe

  • Size

    1.8MB

  • MD5

    d877dd6030db452ec50de50ccc0cd976

  • SHA1

    3fc360a5c858107eab5256881c18244a13d23bda

  • SHA256

    9c060b04c0c0d255e6b140b54d25f4162bb0130980be0b5e4bdd9ee1f731a88b

  • SHA512

    2bcbebe3845273e3302191efb3a25b0410a9ea5259b716a91bb7a6dd004cba739486e8f6cfc8d52d131b7112fdfbeedc2c51ad3cf6cb5b00a5e4e991273eab11

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO090OGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1UxJIiW0MbQxA

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c060b04c0c0d255e6b140b54d25f4162bb0130980be0b5e4bdd9ee1f731a88b.exe
    "C:\Users\Admin\AppData\Local\Temp\9c060b04c0c0d255e6b140b54d25f4162bb0130980be0b5e4bdd9ee1f731a88b.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Users\Admin\AppData\Local\Temp\9c060b04c0c0d255e6b140b54d25f4162bb0130980be0b5e4bdd9ee1f731a88b.exe
      "C:\Users\Admin\AppData\Local\Temp\9c060b04c0c0d255e6b140b54d25f4162bb0130980be0b5e4bdd9ee1f731a88b.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:576
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2072
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    321fbd64f96826a3ea688772b0a8452c

    SHA1

    cc0594220028c29f96cc766d429702952078770b

    SHA256

    dfe2db834030d593435ff3ecd62505837622d072488f319d632788fbd0869d24

    SHA512

    77fc76c3765dfb4acb0caad7b5e486ae1eef447be54e4710b95217ba4a1426961675c06a265ee1649afd86a5904573373bb2cb99a1deb80af66593ab25fb66c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d9bb332b9bc085ad4b143b6097fc31e

    SHA1

    23982c5c22e26ed289effa0870020ef0dee4f56c

    SHA256

    f64fabb0f8b32f07d8261f0c0892b1fa3fec00c7dad2654af0161d4251d9a392

    SHA512

    9b82fcaa6ef880f74fe1d50262fadb26fdec1a369646de8f3d76652e748626026b65fec073df44d156c8004dd915d0c8282009eaa5122aec7e00db1ff43a4890

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4657e043e0849ca97040e21f668b2003

    SHA1

    56626c08acff473349688213b2252cea53eabfd4

    SHA256

    0fd6576b1b83bed5b7656f550a2ccd67c19d0e1c206eeeac7f85eae0fb042784

    SHA512

    efc471566ec2288209d95fb45c61ffb89ffb8a74ba7873fcfc50062792db92188389eefd99a6948474ea4421ffb889f9ca2b7e402d85bfb41d756dd73191085d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b91776d507116407bb325705dd229ec6

    SHA1

    d0c2d6823bbde0ac1748bf52ca6ebd42e609ed77

    SHA256

    817612f29f28cf6af9c02b3ede83d610cd77886352d456848eb4a0282bb3e29d

    SHA512

    48af996c2f5c740c65b97c8a16981e9e357ed13a84a782db96c734fd79526096344f8fcb07b6a2af9088c01e8757e48cf0e098b722f586f8face44f7adf33f1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c50671810ed805ee3d984ec088aa7e5

    SHA1

    ea5fdb804045c820546fa0e784bae2d964c0332b

    SHA256

    499cf47ff3ca83584d4fa7ad9762f6a4a53b542435cd6a3e731dc5dddcbf75a3

    SHA512

    7cf9fc53df88dad7be7517455c5e102bcc16b66f15f02ffd92730d90b82ec68e3674a3ef3095b4e5e61abba8d555236ce62f6d12def2c6ea5b132c11e42be70e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e6fb3416a7a2c967c6ddf832bae25c9

    SHA1

    39cd518abc28e6a567817ce9b0d3bb8fd9316bef

    SHA256

    ce987b7afd77b3a03d7809a9b7048da1a4778615c83935cc616d13011968b5ff

    SHA512

    73cd6ab5a8871285fac062cbf0058b51e99a22d49aab987f5693a820b539c2dd37a0a157f2f04b66264d9a3378498aa62b9c5e3b7626137b26bfa20bf9f67efd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11f9c69232582712c9320302fcb2a7c1

    SHA1

    920de47bca145a9b0f20ad7d473b75c067ebf10c

    SHA256

    efaf4f879bd9842f372c4f5bcd087f064d73eff117f88d32178f079a118b3fc0

    SHA512

    828c040bcd7428bc6db89f6ed99ef4d12a324d772bc08a105722862acc5eb563055cb5cfc76256f3c653be5be5c4f74db9dc54867bb969d8eb9709bd44717a29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee4bf8f61e63c715d858b4c400214545

    SHA1

    669082cb69ed5f2d36b494916ed304de43a62829

    SHA256

    b2efedf90f2de7209d29704b0f28a4dc5d37fe35916ae7c640efb79074bbb16c

    SHA512

    692bcdff95a62bc8479e7181e0a5353cea1d95d42891407a4318721f7bdf33d3df3574a76b0a6a4da2c3e4ae9f2bd06e4ac69f6ddd225bf2bcf848422fc6bacf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5fee87f4d930323e8e2970e9612256a3

    SHA1

    37320e6f7a75840d815a8324e856e75ca00214e4

    SHA256

    1abd05fc6c36e96d48b3c81faabe0ce24bb2e7ea018811b9969a5508e4093e1a

    SHA512

    912009f5e5d98904eaaa7bda73735fa1a583827648092419fee045051f7098d668513814a6693863be17d8c4486edb345c0ce4d9c0a359fee300f8eff59004a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f60b8dc2e73388dcc6dc3ef7c4a1c99

    SHA1

    4158c0a44030cb6e83ef550f48896b637701a9a3

    SHA256

    d26ed616ca9540f6c5d3798742c5b64e7e8c211dc2aa86b566645bb7068ac99b

    SHA512

    555c222fe4ef55c40f215852ddb82999a0fa9c680b8d728b218e5400f5079151df64f261a8a5a7428673706d76b5963d59dd0b02e47b6a19dd3e2ee19e3f7d1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7693d99c337c775daa1052bf85bd3eae

    SHA1

    ca6c9d6427ca79289c1c42ecfa12437d70c3a9fa

    SHA256

    0cd5e0aaaa4328e111014d9cfa137fe8b2cf16c5f6cea83e998510e6d421aedd

    SHA512

    3156d1a90659d8b83986a86e6db7fb0102997cb153118dc8f7922c93c25af93cda9224c96184fcda10678ab42e3603beb7d892b0733a7c69df8eac124916eb53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c51aefc83a2099362243ef2c6e62bd6

    SHA1

    89c99c376c6ef7728411d624cbb0ae4a04f9e395

    SHA256

    3ce000f68c5cc3a838c50d67fa70861f58438c01a02799a3706ed158460a14a3

    SHA512

    f1f0c9b82c4cd2d0fc6a9d837c278ffe24acf9789b5621f876858dc3d9500ee72085f064b439f022f9e98d06f64d8137f016d6c4e203a03d43adb8f2c4f22c70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    225027cd6605a571db3bdbad6b60806d

    SHA1

    fde99725feac06383e615d337b6f5b00aa2f22dd

    SHA256

    3175d286966f9cb7277dacf760d3b01e8fcc0ce8e078b80944dff6fac5d84265

    SHA512

    7f23d89eb0ef6aee94148d09409c0252447cb3cbce2c0df77884ae37221c258e7765a2466f1bdc01cd05a8aec44ded2e5ced89ebc057dbecdc6822b0bbae6100

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5f0c406bfbf4bba8f425f3c692aa7e1

    SHA1

    ec7e352ef6740bc8c957f89a410e8664809b5864

    SHA256

    4508e657062cc04f52ad6b90871386a0a4e93fece52252cddf4568070959d3e0

    SHA512

    2c1203310983b0bc15bd12b8ad99ef9d768c6f2c77272fac963b7fe144d1d47fbfe6c4ce6b441f47921dc9364e38ded4f749aa402f663e8740bff3cdb945e41b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47796a047edac9110eea568826395315

    SHA1

    41d00ddf50778125d4980e7f784a61223df9e2fe

    SHA256

    1c7330b534f4a18688b4ce51b95c55fd49fceba523e1ac7620a3aec23c08e725

    SHA512

    8a2b05760a354c2e161414e4564eb7932476b86154123a4dacd2b6c898523d7f3c98d5ed232ac99076ff9d0b5dcd4dbbecfc5f1bd6ee1ff865eb336e354cb06c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d58cef080d1b05d30394df7e15eb4c50

    SHA1

    50d1f77cc35c92f0ce48f97389fef85bb535d853

    SHA256

    96c196564a62a407e83eb90c2e98682d35d8c2fc7aabeb7a1531c89a28c8243f

    SHA512

    a5367c3ae68b55f40153a5b8c6f15af6387a5f617a7d0b27b3d3e605d96deeccad773e49f5d5cf401c487ba78944e10622d3f3cdcc8afbeb0f28421692335bf5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc359868e32dc44b70e923d8ca252ec8

    SHA1

    8ee79704ea0d48d4e8184716d2159aec842f5bd0

    SHA256

    0b0aa3e32f534b3b39754647462beaaf75fa62f31af634815449734ac64d4d05

    SHA512

    2ac5e086984d4f75069293c19a9f44ca55b272bc055e43064da9dddf3a175c34c56bceffceb6fbc92b5f26d7e4021232cbac22a1a34df18c780b973b71e3c071

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4cdae04bd2e0eb82db7987c13895b40

    SHA1

    1abaa28e5d59dd336c2dce1a635ab84b34f8a899

    SHA256

    e3d921964cbcfe365f9b93093e7f426189b423f0df15e5bc4e1842b182df16c0

    SHA512

    e635c7a684fb8551f0916a165e204e77ed92379d5419bc3033cc843c6e17ccd7a9ec3b2900c1b42e8edd6dc025c5952a72c25e1173d6ee669cf1e25c4cebe012

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab740A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar747B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/576-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/576-6-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/576-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1464-0-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1464-2-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1464-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1464-3-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download