Overview

overview

10

Static

static

3

0e764040f2...59.exe

windows7-x64

10

0e764040f2...59.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    106s
  • max time network
    106s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 19:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659.exe

  • Size

    1.8MB

  • MD5

    4f2f750825afb052a301916e922bb070

  • SHA1

    e087c8ec1d7155e1c0ac7634299af0e4e6c17a0d

  • SHA256

    0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659

  • SHA512

    6365f5159943efa200ee20b3503d0b0a6649287f73b389f7d39a50605a81ba877ac704289f5b4a798b0387e386f964728615fcb597b0b64b0c33a5c1f3d4f188

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09aOGi9JHyMJmUgLk7/QDQHcb4j4wBC33hF7b60HNB/aQf:/3d5ZQ1mxJTJm/Y88j4i0jftBCO

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659.exe
    "C:\Users\Admin\AppData\Local\Temp\0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1820
    • C:\Users\Admin\AppData\Local\Temp\0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659.exe
      "C:\Users\Admin\AppData\Local\Temp\0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2356
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1854c1897a4cc3ddea500ec8950cc4f1

    SHA1

    b9ef058757b1071f2ed77ee93d9198fcf2aff1f2

    SHA256

    fb4d29f9b69d3ebd2ba5a0196719cfa63b7dcc663c89225cfd4231430c5f5094

    SHA512

    5900fc1f9d700a3d69d6fa32e9fe4f5ee2cba196c10d7e1cd225b558fd6275e1a2778e1bc654c1e43f29e74600a81c945a7def9f48d0a3ff720d48782a9e0dc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    088102621d69e23866f2e940ec4b8aa4

    SHA1

    c912aa3c33005381b581c283f08fa0329b10b4e7

    SHA256

    07b5a3abf0c1dc89c4d1cab0e2a75d4dca4c870e99975b85dbff014a864ff428

    SHA512

    3384df5aff9755b867266e3b9f51da24d700896f7eb4f9cb4c9bf4bee830e2d4fdaa9f800ea74bf79b42c0c4dec598382fb415ac035d76623a77d30c571dd18c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    859dee0f07e40d0058732cb7ecda567f

    SHA1

    80cb5de9b9b9fcc24277eb8309957bf6049ac3da

    SHA256

    0b1d2bc025f902ecbe735bef4576435094c43e71bc00f0ddf381657179e3e514

    SHA512

    49106228aff260135cddacd256d9724029e96b80bbf8da540ff47b622da4e46403085b32561c2b2bbe84799b18f4e3e68e5d1de32e0f9539ef667a95d69c3784

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5426d44a9c419d9022ced9bd347ef195

    SHA1

    32585096d3cf3a73d1fe3cf83849fc6eddeeedb0

    SHA256

    f5e044ee1b280fb5994a427aac2aed1724528c6e19c4922b53343d7af9b68687

    SHA512

    abc1449d50125e67261f5eada6827ac9539c346bec920d97a91f3e9d3d170c1564f3ffcb177bb3fd0a1eedb83c50324240caf44fea1490d0c52ae4d7f7695e37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    194880b4668f1eba66b8045669c00698

    SHA1

    2f72d6cc31557acb626df323e00342d90f556075

    SHA256

    b905a2246318ab2a70c2565203f7480894d27a4eec74df3d75983e15c27e0f12

    SHA512

    bfefa352a7e0ae6d98b58c1cf1d70d603797d689d1b0c32b6be74683b230243e1bc015d0b3a7df05dd15e385cd358f38ae302321c53ba7ebcd0f1f6e114231e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3164cd7ec32785dabda24c75eff699e2

    SHA1

    c7c51cf5eef624fd944ca152cc1d98785e0fb5dd

    SHA256

    8fdc226bd0a00f6e6d5d2abf4c5fa1d5500a1c97a9b57f9e87d416356c719023

    SHA512

    8bcab27ba16c57158908d808b6fb90aae36a399fefe220a532f0513e7f1378da76aa221d7a4b9c32671ef78eb8dfee05263bde844a83505cc4096494ddc787c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b23044a5934a54ffb4cdc41f7e39b38

    SHA1

    440e260f30f2fae95f1b3d0bcfafd526ef4269ee

    SHA256

    b31e31701f5aa5b9c28c834980243d128dad5d50593d4691b3685bdb2a349b50

    SHA512

    b14db2a1baea18d0b68f55af9f847ed8ec111947fc0ff34bf3cc750a577e616a65900e1fa65b3db29a3bf4c6cc9dc29b9426acf1be8e9da54dd3e90c716ea583

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e01a1de7bd70df2a4c32d09aa56b4f7

    SHA1

    041ab4d20eb462264c213295968a6c45a3abc6cc

    SHA256

    cc343676c1d52f94e349afd8e91b27687202069549d77e161d7a04abe190ba1f

    SHA512

    21c96d3fe1e01473f62d53d065820494114d499b8e5b67f6d5da4290eed5e759731e7753f96cd5ed780931982cd96061caa3d2b50184e3f9b13266b149219fe8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0fb12f5d02fcd776ff8153f58b83ecf7

    SHA1

    74be81e652c0de48df935c024c0329027f10badc

    SHA256

    f17a8c6025e71c233da99127621586074a3be032748d3ef50b3c4feff9d8188e

    SHA512

    22f9cc5da1653ccd653f57d847ecf2161857452d9c6a50014a1758f510357226cc08d5c80f9724bba3793132b0dfb4b337a6869f1e57ffdec5ab5cf9d8bba0af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3cd0e3a8d1e2408baec949f539acb0f3

    SHA1

    ddd1296ff76e867cbbb869301d3df603d7eede12

    SHA256

    63e585cebcabfd387907f84b0c2d5f35193812a9332d9bea04b219ee24cf8762

    SHA512

    8fa27f0a2cf6f7e04f5b8945a59f79d3db27ff06c610ecf28e13765047814726433ef8b5c21885246001c7aef2d47ea1546d4c106c1c709aa8bc027b41c47be3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91b4d9b8c6c556d991d74115ad941e68

    SHA1

    0cfec616ea8483ec728936a88ad3b196d48e5de3

    SHA256

    7e12efd806e65e52106667150236b5d5460dd67a9481e60c108cd1be08781873

    SHA512

    249a236703cd9567e80ae22023a85b68d297e2d2a5172443b7c56b93723d6629df9fab3dabef196c35ce2ae447e2280d934ebe50fde0164c5a8856777ef393a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f2da82714db7710022db4459dc2db2b

    SHA1

    42a58c5242d004bef219acdbdad3dfe174e0dbdd

    SHA256

    b64bf098de4077defcd9a815ff1724b68844a3e52e794f86d3a45c8dc122e3c8

    SHA512

    0cee01016474c2edc9f6f379bef4c917dbd4dda1e6d1ed9bbe4bad7a1b7584cfafa3093580cb4a518d87a068ed17d8c7764485cb5a6178fac32d6ae52da3fd5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78cf707ab1f77b7be7d8b83f02a1db07

    SHA1

    2a576e1e7e5bfdfc43369005742497be7b05b442

    SHA256

    824aa87d1ff1300f5b31292bcbc355ffcf9a88027bbcc42db0d450f67765ac99

    SHA512

    f6ead17e16e3519fcf42d9b50b115bdb530dafb4c6bb4d43130a7b462376c2c2e25f9ea00b395fcda915b349eda890908e01c0593cec3117d6abedfd1768e1d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b42ecc7351418b3f0b20f9cf24ef08b3

    SHA1

    6d21f2437bfbf07d7e556db9bddb1fee20b07d9c

    SHA256

    7dd14ec6bba5c786906ab22d3b5032a061452bf3303e23be187d04bc31245782

    SHA512

    8826ff75cc571c03660283ce34cdfd047c550c1877669582006638b1bf7706fd09cf57326e6a9c225f4c05cc8914cd33abbbdcaaffc40fcb35cdb93e3b7feca7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    759ecc064bbac50c2c625c4144f3f16c

    SHA1

    240b626616a579b22e9a2f28539e045ac9265eb9

    SHA256

    1d87a1bbdaa2fa53097e201cb33a2559b4f12a027432162540679a535810e367

    SHA512

    c61395ff5cafa3a260f985a6fc9d4a7b95fd7238af5baa544e7ae93efa970fcfeb98fe39f803c89116a429c882441f7b4b38ff5aa8555e16c2e2440795586227

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    edfa8a399184a7a97783c53448c5e6c9

    SHA1

    8ab31a82828e002dc9a8bc1a937aef3d2fce3fff

    SHA256

    34fba128c213d1122f8b58013bfb25d664753da3988ca29d7ebe56d9fe377d9c

    SHA512

    802b062d2b4a72f85cd24b6e8d1e87ca4d55fa3f95deb201be182735239cef88245157b8b4aec95d9568e5e6be82597bf813d227ff9c8fa587fd813477e57e5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82acb57ab81e7e494d4e33bf02fae100

    SHA1

    f51c68f5dbe769050969e7cbbdf26ce9e033fc5d

    SHA256

    1cd868ed422e4c52472ec5f9d07eeebe73e3c22a1515ea750b867f50261d6edd

    SHA512

    573c2faf7a2275d4be22490fd3df1786dc3520e103167c43b3ad561bbf1bc77b2261f58ac8c1ad53c45e819ed01c8bf92e936f2affaa81a780fb73ddd1cd5033

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7261491903fe27faa3a5c9cdb557838b

    SHA1

    a1a2e1a11fbf048c5102e9ddd4d72c576c082cb3

    SHA256

    5df2a256fa4bfa0a50b51bf9726baf5f20d6443718a037266afa87cd7d93219f

    SHA512

    47e75c8c028679ce25dcd1205b12209b086b2454a128d1192c494c0626f4b3102b20e0b9fdcb5984f63295937245d120e3af3143eb2ba811cc20abadf7f37328

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9490924ddb954245845564408c8fa4a3

    SHA1

    aaabd485e84b3d17884f304702881a59b30bf5af

    SHA256

    890b1e0759f2d39b149ef9b9085e1dfcb8c5932a7f491e079b7e91b080a0a278

    SHA512

    c6d567c0d6bff37da7cb93d81df8d4f2c268c6093cfafe9f2d92e390e6b1a87c86813140fa2321c4b3a65968b4a38a513dc30e4c4adfdcb660a9c85f0f1a58e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75a58cc6f669c7722fb5f84cab5af03a

    SHA1

    88778a0b0f1058b05252e6fcd897bd9956ace86d

    SHA256

    f1f353746d3b5d04ada5c96eb7bea44704e44158db8aa7272d750f8665446e03

    SHA512

    90e10258d7c3fccd61edf8beff373531b45e2e6d393dbe333b16506cbb846db6663b18d906ffa7934609d3b0039712d205d70b75d50260138575af08d1fb22e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC63.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC85.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1820-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1820-1-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1820-0-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1820-2-0x00000000002F0000-0x00000000002F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3000-6-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3000-10-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3000-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3000-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3000-12-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3000-14-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download