Overview

overview

10

Static

static

3

0e764040f2...59.exe

windows7-x64

10

0e764040f2...59.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 20:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659.exe

  • Size

    1.8MB

  • MD5

    4f2f750825afb052a301916e922bb070

  • SHA1

    e087c8ec1d7155e1c0ac7634299af0e4e6c17a0d

  • SHA256

    0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659

  • SHA512

    6365f5159943efa200ee20b3503d0b0a6649287f73b389f7d39a50605a81ba877ac704289f5b4a798b0387e386f964728615fcb597b0b64b0c33a5c1f3d4f188

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09aOGi9JHyMJmUgLk7/QDQHcb4j4wBC33hF7b60HNB/aQf:/3d5ZQ1mxJTJm/Y88j4i0jftBCO

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659.exe
    "C:\Users\Admin\AppData\Local\Temp\0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Users\Admin\AppData\Local\Temp\0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659.exe
      "C:\Users\Admin\AppData\Local\Temp\0e764040f2fd6e55610ceb4e9c26ef5700b88f39976d568e177e5dd87177d659.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:828
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2720
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2784

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11bb6bff5908dc4db0f433a00a876790

    SHA1

    27febbdc1e9d62951d50c324f3995692ccef5205

    SHA256

    cd424cf121866d7a81c44a0636c85227cac9c0434c5eed06f33ed781f604c3b1

    SHA512

    ba071bac7faa36a6539717830e279bebfcf61e8a0fe62784a89ef37f14f514b96004cfe7c74d46613a3b5247787dfdc098034624be2652690d0dbf8c11bbb020

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f25b2125881a2d7c160705fa83a4cfe

    SHA1

    a83a6db2e0cc09b7c8524541e391d63d7a86e831

    SHA256

    0bda39dc2294e1542f172bd9c5d704f9cf9944cf0dd4f194ab28b98a7de0c12b

    SHA512

    726168444b9d41d3df05b65997ebf741087817c7d745482a732e16af1879abc54d6fc19bad2c4bb724a83ab59c0ffae23bb230f509938d195d007189142bd426

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c880c675fd20d7061cb26aea43dcf3d9

    SHA1

    afbad3059b32a921487fcc931413c27abd86aa45

    SHA256

    b7aa777091bc6e0d7e6c00d52a7b7da6702169b3ca45dedcbea633a37511d706

    SHA512

    77bdad1c8a6777b866559d79f3f9148b92ecebe1455762bb6f3a759819d857e03333d46219d44f105f86b909b79a609ebf095c92bad6041bf4d920b4c08a9b26

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ec4e4f9c377e63549c00a49cccad33e

    SHA1

    cfa58e5af8bd6e7b99c86137a2f3df49d92613d7

    SHA256

    da66bd6ff605670e5d81d8368a25c85958124a4f16579be0810a1f684345fc1f

    SHA512

    e88710878ed13627400a9f3d52fb2e2719a3df09218e6cd30df6e9c3f552e85e8690739b84ae4194359b89f9b8e0051a539df49b8b52d536e7d03527630efaf7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    226c21e1ff1f48c9ebd5d5b3c0cbe865

    SHA1

    9ba0d4957291d1e7bb91edb9ddcf9170ead74902

    SHA256

    cb1620bdf81b0bb1aec6e0b4e66ebea3280a251bdb55c4ce10194739b5c5e8c1

    SHA512

    a818334e791280b19e92bd9d929947ef2165558059a47156bd5ec5029b76e7034b3a44a5ee60c8032dd08329ed7470e1bede72780a41c00869e2c1a4b590371d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b4ed87ef18a5e0122ee23e58c57357f

    SHA1

    4945e36e82accf2188c06b59a32e9fd7fbde5ed1

    SHA256

    046e0f7c9f5f23020cb4830421bc072e2408d824e382d64b432e517f07d26d94

    SHA512

    674f6d58400335c8f7f40113da1acccd5fca49173cb9f55994b9a6941556c0d87b753ccb1e2427824c6474d027a2dce61c606a56ab80ef2d1f8e807286e8f4ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26cd637daa85a38bb6cce818c90d81e6

    SHA1

    06b5872eaf19c85e1d0d74a45a4421af4ab8b41f

    SHA256

    f4bd66e1bdaae0b5e5af590305ba748f934bf636d84f956948ff77defee62a4a

    SHA512

    dc6ff0227ff626c8ca44d39c74af72333da72501f04b31a3161adee0eb65eb73caea3722ca6ff4087de15ee0f58cedc0e834aaef5fb8f4aff77bfa09eb74d97c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa6d70da1b9a2ec0e406fc89bb4b4bb0

    SHA1

    08da6d91e5f36cf82dd84ed61f1a66263167f7c4

    SHA256

    5b0753264b70b3f3ca2ea22ae4f20a5de20c4ff84484a426abe5df984f7ae298

    SHA512

    fd6cabc49cc7226c478d1d3fed3417f3faab0a8a9b5fd18bcaf87367120d6f6a61ed728f9fe00b47c2c96184dc102e17817a8c466ac714f0d270383f24218cc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    191fbf6ea54c130fbb10e32ba2e932c3

    SHA1

    61a7a107ab33498465cda1889855580e7a5077fc

    SHA256

    5ab40688b8096e5d042adb793df4dc9c053e0022b49c57bc409656482857033e

    SHA512

    286af6864d2083c8edd0893f091ed89f81ae2e238fa3eee25967e07a09bf1f0a77d255e40f2c5094c914134c96d7b77513886f1ed48e9b8849883307589244d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f2a564cd9003f01a7ff166b8f6c1254

    SHA1

    0bb4af78712b4743300765474eb21cc4c6e6652e

    SHA256

    9ff4e96e4115348147a5183fdd552b13b76614506f093b5f13d5bfc784671b61

    SHA512

    e4854e96cd20ec4b535784939c62c37b9e5ebeb64e5bf1e3403ec5dd3b85a1aa449abd9a7e26c13531f44dd98ffc35cea21159e5bfbd80f0c53faf70dcc5b5a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5fa7758733f381771f822998d54c814

    SHA1

    931bf75400a5f47b3ab66404180528ec98d657f1

    SHA256

    a761664bf927d02b230737579b4d979c89636f8e5b7479ada20e2e11a30bb88f

    SHA512

    3790e5301f247631d333676d0780184c75253e22cfdde4521f74eb983fee7e5609c5a46f52a4c49e1652739ed6f0007f3fcfac8b6d054200b1e778372c3fe11a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0650196f03db13afa8a4996bd3d09bad

    SHA1

    02e383c798c9dfdaf58a1a4b6ee1a782c5bed4ef

    SHA256

    cf5fbce8caa93cabdb587f8a4a25825c3900ee6acc5bdbadeb0f9acbeb487502

    SHA512

    e7e12dfaeaa283a6f023193d067084301df8f7eb4087c76c806159f6c001e4ea2f8c92db91f1a53a2b4aac4e21e117c7fba814dfbc452ad6ee95f1255d75cc2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2aefd9a3d81b940ee036a834c3c93a5

    SHA1

    a9aab68d581b4923e0f0abe463acbcb54adf90d4

    SHA256

    1af342d0ba71bdd4dd1916680379780a9d7f5ebf0524a9e4c8a69390c06ca446

    SHA512

    94d265e233276c43aa62df1878342476e7adfba317638fc128811fcb6d2870856c8c19ed67bced03fdd6602562eb79b640105534e8db7a3b7364c7bda69b1063

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36591db9b9de880752f313c99b6bde6f

    SHA1

    91d89e7294025af79694d8b791d6f3bff2bde7c5

    SHA256

    c2ccf5b45a275a6fd407876cfcbb4d1a555a85f6adbe2b28d07c9e27b3cd45f5

    SHA512

    8e345bde3fdc2e840e11b94064d9508cf98ffebde223231eb5814e3ba53426763f05bfa445d6bb2e5e54f56c801ab726e350ce4f2a27900c411eba3684f47019

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d8b9a1490a933e8140b194cf12112ab

    SHA1

    34aa318bdfeb944de536a47c57350d5e8dd879a9

    SHA256

    cc62df07e33ac25415f4b50c0f1f6ebe0c0e94876a1704500cf44be7deddcf54

    SHA512

    29e4adaee20c79d584ab06ec9ee21f44c165be34abd0f0f7e4c1235cec50ba6f7fdd00beeb23181bcf2fec5643accae5c944522e2e059337c0b22b39c3a2de11

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0808a097dcc37c5b94fe51672f2b98df

    SHA1

    e5fdc0db4acd10bcd12d2a9e5c55723eafa8679d

    SHA256

    3be19bc2d6a4aa47bfb324b2fa2b352d3f366aa31176750511a0614dd2a10f9c

    SHA512

    fb8a42952bff77421773d59f77724e2bc207fde7ea8be779ddd73e0d79acb40ea28566b76558fd75b77214ac44ee474697689c6c1c1e93ea5cef9e2bc66fa135

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    278326e0abeca407254c80915a3ed298

    SHA1

    44b808caf28752e7d746239401793d1b17190df3

    SHA256

    647761369a7aec80a4bcfb3a87ae90630d1ee8de0b30b0f160f5918ebdb66f21

    SHA512

    be3ed1b72ff25246a44ecb0fcc9508cf8e69b15c5274924120e23d128fc8260144f5b0f2e990e53077e44b8fe1886a4d7a6bf72248bfe349c9dfa79ef8294ee2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    60736e64c55bb45baaeead6be7e441dc

    SHA1

    d8a771fdce00409ca12cce42377fe0c82fadedc8

    SHA256

    eacfaf05bb251063e65ba721331ee1d013658e37b3881d4fba9004b026387a08

    SHA512

    944e3aff0114f587ce40e7bdda15c26624c199eea12305a091a8ed3595ac15444438a8be5233038a9a005e86fa2563c76f496350e2898d953f534986a2cfc24e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5baf9be0fa73b106448f0a0373b3d68

    SHA1

    23258b5f943a6ea001c7b277d5b2d80a48571d0b

    SHA256

    344e68b320635844468f367a5e92b7b6c3715517ad949a56f7d1c8b1ffac3998

    SHA512

    2d9780271b40f776558240890af88171bc53be9edd68eba6c6ea33dc399e2a2ab20e875002e3370438717d281b4273b62544026d8439f35611dfe4f4cdec0348

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab99D2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9AA0.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/828-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/828-6-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/828-10-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/828-12-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2376-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2376-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2376-2-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2376-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download