Overview

overview

10

Static

static

3

1a8872bdf8...76.exe

windows7-x64

10

1a8872bdf8...76.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-11-2024 10:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a8872bdf8bf58508f279ea50f5b137de5acbad0f204daae4918afceac2ec676.exe

  • Size

    1.8MB

  • MD5

    ee0926816777a4ea755ee40b6006c2c4

  • SHA1

    d69044c6a9d6fd106de544cc2502704e6fd9d63a

  • SHA256

    1a8872bdf8bf58508f279ea50f5b137de5acbad0f204daae4918afceac2ec676

  • SHA512

    800fda45c90e68f2ea453a56582de07ad347324ee17f5fccbe4d7185f2809f932fd9e8e98e9da1fa33daa7672fc44bb7a9b9165086d6bdb0b5a3403176a1c6d3

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09JOGi9JbBodjwC/hR:/3d5ZQ1TxJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a8872bdf8bf58508f279ea50f5b137de5acbad0f204daae4918afceac2ec676.exe
    "C:\Users\Admin\AppData\Local\Temp\1a8872bdf8bf58508f279ea50f5b137de5acbad0f204daae4918afceac2ec676.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Users\Admin\AppData\Local\Temp\1a8872bdf8bf58508f279ea50f5b137de5acbad0f204daae4918afceac2ec676.exe
      "C:\Users\Admin\AppData\Local\Temp\1a8872bdf8bf58508f279ea50f5b137de5acbad0f204daae4918afceac2ec676.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2832
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    361e2beb4753fb51a06a67d64bd7fb37

    SHA1

    4e8b271f59d917fffa13196dc647f62c432df743

    SHA256

    b1241adf63ac8819ba1e62244afb6f1bbe5764d6f7e0b3a04dd600b03ef8a1e4

    SHA512

    3ab2f483b3f04787d812ee3dc69d9a3d68a6a843b2789e1727371ea424894f1ae59bf67dfc6a995dfca9138b256d116e43ce31de1c838939be354ec458323eb8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5006217212a40e49bce7967e2333c29e

    SHA1

    f369e515091da14531814670463aa79d1b7f6189

    SHA256

    be3919cf0b5f9b01cf74ec31f6b26fd0869317958e0da2a050479887376d8556

    SHA512

    b78d2ef566c069eb9ece2e0da9db82e05f71614572d0dc53d2fe53ad5b4e7bd027b0ad6086ee6693400f58d3ee8b27a7ff7e17bde84f91846b467cc57dfa5109

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58c6f24c7a080c3921ed495a711f8914

    SHA1

    d79627f17dc647660ef356c213cced9b2134b089

    SHA256

    afc7081b02dc8bdab274b2f8d4d94da48f0e1bf5b2e1f8dad24dae5b8fc92782

    SHA512

    384db63b7ae742466e075c0a90fa7f5980c869ee2e06ff385d58f8b7cab49b0c142ee7f17253cafd0290bb069773eb9522d485b4a09d856bb67a232b644b4c9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86acf09f23fa87f37ee53f42d5fffaee

    SHA1

    20edcadb03f656898c213b17c6533de7e4af8e95

    SHA256

    d5ec75ce60ffdfa13ffc837243ff7fb42b62ed7a1eb707b1b9e44ed5e80c547e

    SHA512

    ef03f5cd695a67a6d378d8736333362575d232caccae5606b2c71510d21a233f1054f1e7fd6dc1a9ca0e2ba1ca6fa2d9501a233f73adbb2c2c10096eb67da9b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    980e76e5eecd6f9b08ec4ee2ed68d815

    SHA1

    0b7d91ad06984edc9fb7d6cb27fef5b123374064

    SHA256

    c3f7e4cdfafc1e0ccc2c0be9910c70d8cc6354b2f92c9de450022f6b8440fc31

    SHA512

    0f27598c2dd5baccdfcc3cb058649f3e03f99f59ccf6f83175f7f81f3258ac490ea307c1f2dd5b7593bc6c7d903941224c4365d43880936c0c6186eee1f51276

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d3d3f9289958c6952e928803d8a32798

    SHA1

    9e6647621eeef35b7d7164f3653d250d4dcd06d2

    SHA256

    37d45804487b444c0c193a4ef0da99e97b82e568a9e5d6ed5f5630816ab8748d

    SHA512

    ddbb5a105303fb683f5a2d4422ada84b2ab3248b6deb0c198de85991357a2cc3f1f89506e683cc2b28da389ef1b8031c861dfb6118206334c7910e3fe6ff7b53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1192217ffbcdd8a24b8aa30c1009221

    SHA1

    942f8f12e0e392fc3a68bb698877f1eddd7daf69

    SHA256

    85b8109bae2496585048907705ac21c26167ddc0fea4f6b162ee2277c3b45658

    SHA512

    51e2811785514669b4e4b290b97782ac6330b16fa2801fd3a4f8b328a55e42529becf801001db5e13e72c8a89e830d1bbc642a010d91f91cb833f2eceed52659

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c7b4057c8c35cf40cb44fdfc70519a31

    SHA1

    e72d1a8d8ef231763b79a65c9292049e07a16733

    SHA256

    e74f6940dd7239c4bef944a0c0b02e714bf69289dbef457b2316e6813f1ef4a5

    SHA512

    947fcc586848baaacab76d5400798c64ac961c2823c68fa6ef8b92bc6eb4d9f8e38cc9e9456563a5ffa725356f378fb35e161169db21d8a7cdd86afa7bb3a449

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f8dd11e6bc8519988055a04d0ad145c

    SHA1

    2a8909f03814a399aa27eec46806b3a8c2856ae5

    SHA256

    97555a482da833714ff10ea18bee91f23a5fb894c105b0666604cdead1f6ff8e

    SHA512

    83fd5126a69f4834ad893d24c7df94b23025b2b5b0f258cd2f8a428242aa12eb787c8b1623e78179b971c75c29b3b8d350f3fdb37ce5c38665cc4595a83e257e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1741c3574f33123e094cfd0968cb8bc3

    SHA1

    ab3d335aabdc9f9ae944fe5dadc27318d5759183

    SHA256

    700947b78fa00004c48b4ec99c8a3f7d7ee044135bcbd7c504bec15b04139b2f

    SHA512

    c6ca2e321863e2f20d96718d50264ca7232af886f73eaf6bb8e8fc84615443214e89422dd223a92f19f1aab68f6aa7b548be952a045f6185332f06b59543df57

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    701bbf1287694f8afe5e3d7ad7754e8c

    SHA1

    c56dbd16d98c3c216517f6dd7fff555a49ea0ff6

    SHA256

    ccd50791041d46f9b9625f5b6c9cd745976baa5c3d7b925807e44146949967c1

    SHA512

    ac094f6f42aacb4a26b6b75e5a154b217a35cadb7c811eea69bf88c245ef23bdf50f052d9389794a8fd624757c8f2cb635049f05a058a0463a24eed55876fb59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7431a89ddb59656d31a0a91268fa2730

    SHA1

    224131982686d1bf441ce17d4b5cd9888e8ec2de

    SHA256

    f488fa7dfa08f6e5a35a704b6f3b791bf49644ce0be1d3a3dff3cee210ec2ca5

    SHA512

    7a4c01ee04e25e1632c6d5fced32155e91b1653af3af3822e46b0d69464c1a645f60b775e894f3e3d0adea88bdf6b087760ae654c3e691a31604b146d74ba4a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41986ac995e33dc93b9b04274e26b39b

    SHA1

    089ed598c64d913247e3eb63017fcc1855c4be66

    SHA256

    f1a675a03cece9d52f50e088a39836b996475ccfad4d02130f751ba0a32bbb6c

    SHA512

    24eac5c46f37025e86cd40a60dce6acaaaf225dff69917daf6f3d80d78cc7967e19e5477b7d1bbbf6b3771515e6de28fae7ae74e7b977b8a51905ddcc9df2c41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a0588502792064397e0061633f174ed

    SHA1

    e455be283234032debfe4cc1bfcc482a28982fe7

    SHA256

    e721f315f5442c965d5e89701aac61d45a37c9af905773fd064602476185920e

    SHA512

    c72d1413dc8d625d5967bb949d847f62930886124675924a6c827cc2da0f31e4bdd757faed6169f804e86643085617c92c849f4f0c0080acd65ae6242182ab3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca0edfc0c8c83e41dd1b477e794fbe74

    SHA1

    51fc34f3964215598eccfafcdd786289eb06e8e8

    SHA256

    500b407fd33f9bf376d51a54a4907b07b80c94e7edf0621e466f4c440c1a8d64

    SHA512

    121df04380d16989b13175ec3fd7f264022eb5917886a0e8b51c2083f075dd0b5dc8bf69777ae1c70e3e237a7bd0d87c0858bd295a51a17f539751d88fe9a97e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6455a9318e9e205924a50550565af39

    SHA1

    2bf30e5bd2b1d7933f7d23bf5d06fe4307412e7e

    SHA256

    59675655cfe59f816abc3f804a8cff6766285b9dbcfed182136d17116b0d4eb2

    SHA512

    22767fe0583528ad9851e84cce8f77a7358f994c2fee147741b81c6bb20c9c9de088d8923124dc8a3728906f1ca2592cc796c04ef96c70ac73b39b6ef860663a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df0debc21b30d3c100268d9ff78e2a00

    SHA1

    3e44cab4bde0fd930816397fafcf98898c4a6688

    SHA256

    5163cbfff236b75e51abf2ef0b36aba4a832e557e4b500db2e9b28eeb3743d2c

    SHA512

    ef3cb41fc41ef1017c7832b34f9c726ea929595324cce3175ca5d3ebc946df7d9cc5977ffc6062d0a41b88e6f7a04b44945390a2e63cc27d66df17ae9db762b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d3444be073fe9997905c1c2fd4c0ee19

    SHA1

    2d52461cb9bdf44f3aad85a24f387d332f1aacc8

    SHA256

    8e5df0b21c22210b2ab88ad047a109c323ab9f7de81434aac5685b0e1bb3d187

    SHA512

    711ad7d9d151359db4114ffaa59dbc13f323d07f928c94b3c03eedb4274ff89a9d70dc0dd47c1d7cef756920f0f45e7b34a06577a88aa29f61e3eff0c2e79299

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2383bc6552cf5770c9cb0828f9e4348f

    SHA1

    d9d4778162a6ae3f062450671f2fca7e032e2fab

    SHA256

    8e6dbc15b953cdafecafcc260ae128a6674ee519332ea45bc8933169e9c02116

    SHA512

    0b7e29635d422352b511501888e671de1531c0fd91a41acc4db4b486249abb8482d31a036443493d4fc9305d12ae9e5ec0428cd25f9511001523e15685ef1ef1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9012.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9092.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2084-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2084-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2084-2-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2084-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2940-6-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2940-10-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2940-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2940-12-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download