Overview

overview

10

Static

static

3

4841801375...e4.exe

windows7-x64

10

4841801375...e4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2024 20:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    484180137520ab9fd4226f5f6bb863927d9b23971aba3e2a10158e2588f6d8e4.exe

  • Size

    1.8MB

  • MD5

    935d0fa1882822e85014a7a9c1834e15

  • SHA1

    5d72b82374465cfbd697adb20f21b2b2b18ef033

  • SHA256

    484180137520ab9fd4226f5f6bb863927d9b23971aba3e2a10158e2588f6d8e4

  • SHA512

    e594f882324fcd41909cd743ea0e5492bf4d1b63435a41b2bef76b0890a6a8830b0d60d8a72a5e47197962c0e4b92685adf0212300b6e1a8211373a01ca8b1d7

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO091OGi9JPnXixUmjkfe4o7AWibjwC/hR:/3d5ZQ1XxJPXkUgWe4o0Win

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\484180137520ab9fd4226f5f6bb863927d9b23971aba3e2a10158e2588f6d8e4.exe
    "C:\Users\Admin\AppData\Local\Temp\484180137520ab9fd4226f5f6bb863927d9b23971aba3e2a10158e2588f6d8e4.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:524
    • C:\Users\Admin\AppData\Local\Temp\484180137520ab9fd4226f5f6bb863927d9b23971aba3e2a10158e2588f6d8e4.exe
      "C:\Users\Admin\AppData\Local\Temp\484180137520ab9fd4226f5f6bb863927d9b23971aba3e2a10158e2588f6d8e4.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1816
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2536
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a494290255e6ca0c2c7b51f0cae9779c

    SHA1

    07bff6eeed512793dc682f2576f5785314f612bf

    SHA256

    1a593faa639d56bece2c48e456b2bd48cd6908771159283b75d4790a48058733

    SHA512

    8b98c191396d91133b62f9f19c2a00919a7e75ac808e04a31e473a531e5e55490c90052b550fd64b000548e15ca516f4532d3bb720609f3547eb4403cdee5c8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ed72e489004d5dc8d05d340dd1445e3

    SHA1

    3461f2370772029059943c4a358c2b2c01224400

    SHA256

    b84065e41bcd256e46187bb48a6b7f6649a24e27e8e061ca1e8cf1a6e1f3c6a2

    SHA512

    e1fcbe2458972aac8d4d7dcfb7f50e0bf43279fadce1448a63746b4470fd458ff5cbaf9f0b80f03ca570f864980d0d361b697a29868f759d1565ef51d51f0888

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db9e722e025c65f0f127518a6845dda2

    SHA1

    7247ae5cf859ac91e6704df97615c39b9596e993

    SHA256

    b166e1fc718af2d9f2d3897f759d2051353ec5b39b8fe9ff7d6a1e45c2cafd62

    SHA512

    72343c2fe5f4a32a0d80527195bc7ae90926fd7bcc9b6bf7731f090a2ac12f976caeda6cdf85b1ad53cad03043ea2c1ac0f8ea8f4f68bc74005006a30aa20c29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c26218e4b83549963c4bc4804f5b5e55

    SHA1

    26e522e2362539c1865e75d92c89c349b311bbfa

    SHA256

    57d2ecf2828866fc6d476409737b5059c7bf9dc7abc9d8744d8cb989e0624b49

    SHA512

    3cbf8f5e3895d61be9103facc2f13f5c61a2f411e72cb9778afe477f3626856f87b4446657a77917146c5d98cb5002b5d8549b63a46a809e8ced85ae9f2d55aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1cd3708565b476788c47b091ea112612

    SHA1

    4bb896ab68fb1436fb8e07d8e6fea49a4bff1524

    SHA256

    297f511ba9ab12d96e27c628f42b25237afc8467f4ff8d751a1edf5a839c824a

    SHA512

    7cd39a4aa9645c4c3053fb61fffc690fbc81c82046da7578238fa1696e47657ed2ca7de5c468101948d909b6a328be5a9b198f4f86c2a1bc183857e569d1a04d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e79547ea13636ad75948fbee6647f3c0

    SHA1

    509c97bef0b98549e7ef327049dc50b9318b6e95

    SHA256

    a333d775e996952840d336d48dd5b5900dd8aaffe96918e80b87752e8c1f49ab

    SHA512

    effffa41d7e1d2353859232ab6089c47fd2d68752c400d7c5aca6318fe09c88890ea072f01329fc620a95c40fca909e5dd153ab7577dd279e70c98ad22e7655a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c0f7e1bbfb49193636c609abaf5e625b

    SHA1

    0ba4c6c10eefd40a820ab08108d232298d820b11

    SHA256

    e1cb11be4b6f268553a6bf1ee0767edac4c9148081d1a784e7fd90a25e7e4e3a

    SHA512

    e4ceb0e49c26d0f71e118386906aeb397b5518c747fdcf3f79b75026da72fc6a7227b51d1fc04e8203dca252425ca586b27427f3e7ea660b08fb4304dcfc2a7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2d01cd10236359c4244113b24583691

    SHA1

    cd86609c02b7f6d73ab02457e75b41d0e695037c

    SHA256

    a8d847a890773d4409a8e32a19a52f5bd7fa97fbcf9818f8b5c2342318ae8dab

    SHA512

    cd05f738b7bc393a6798e61da4c32a4727d29a8c24e8f16bc52dae6e5372a0d21001173dc92d3a318efd54979d044547cf4c90212eedb0514fb301d4473bbf3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9866f96bb39cf63d408a10250625b0a7

    SHA1

    b45648992c49f0d27cf34c2f61015468632520af

    SHA256

    0dad9a0e2f119cb9f2ff7d7cd6677312dacc7830554d46ea45d36bc5c94d4905

    SHA512

    a58dded9963ca051a8dd43eb11c2c524646de2095e74b283ea0daf361bbc20c21c0a086559b4c7a7af424a97879f6dadf9aec3d355878b1fda854119fcf27345

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2762e686e38d505b4e5d6c2bec55ea7

    SHA1

    b47b18ac02d67750b38ef31a6926a8dfee9b4f2a

    SHA256

    c5f7c9e3f18e2386646a5a0cd591003d5fce93b628351e1b3ea42130e1b26210

    SHA512

    9de13ec564a17662875e00bc54155f1a32c156a7e4dff9e8b6370ec034335f9b847bfa4c50775e2134f1a55f47a8036dbdf846e2a84019128059f4c2d9ae6947

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26dfc49161f29103324310e73a8f6d9d

    SHA1

    37451f62a10eb9b3189bf9fb351a08c473a01b4c

    SHA256

    4d66a4c1038e7fe24cee1697ee728e73b350a56e535aad0845734a773aa52891

    SHA512

    03ca86a848526c8cd9d1eac72829325a3a0aec2b3314b8e456ecca307b05116973b81375434db436ca1bb7fa231032c265fbae1b4d9b9996b08e49a9d431aa7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f5429f275235b3e0646db15b282fb36

    SHA1

    cd12c6c7c1f16a0dc3a9dc19c45456ffe9c770d2

    SHA256

    43040ad09d5a4023496f6f5ed69f17f3dcc8ada1a065ad356eedb92c9175a0fe

    SHA512

    122ca96a4a77ae9a2d7d72f3733de28f19412426b4bf549283457f3a58128c877ea0b7faab63b0cb7a7240a1c08d7f5a889aa214efe5c2aeb1e799c3270d13bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4e70e1871b80e328d01dbf4a5713ffd

    SHA1

    25d42e40f08abadbbd87627687563287714f4459

    SHA256

    dabd13f9b9ac8a54e81c6ec4279e24c93a27ece5f7922997ba66c0df15f13740

    SHA512

    8efce3e7e4b2aedc7af2bf2e2477feaaad787bea1a3d0290d317bfd0646e7a98876c087ce341f0ad11afb92d0361cb5598600807ab1b898e14d52f82bdb24b70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f29d3f48493514defbab4a60a6722f57

    SHA1

    2c6304b917a70b3361db1a28e268b5ef57da8113

    SHA256

    92b0387f331a6acfe401bb7cfe7048aad88ca48691b0ab1d4624939efda46228

    SHA512

    4593199e2b44ae75d222b5993a89f783c3ef117fe154520ef5fa3a298401de0119d8a6ef142ed05761ffb5edbecedc1281c32ef0882d03b65568d4138c079473

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    44406b4508ffef349bc8aee03279d9e6

    SHA1

    0c1a6247d8b215e02ce19470c156fdeef6708465

    SHA256

    641a9b80232169b0903338798059734496cbc972c15a6fef1d3efaac44d4e22d

    SHA512

    aec1074cdb8161860970b7b13e25b1ceb2d900be54492a523869dcd46d6bc800db0aed770a162b730dc49bf94e0bae00c95c822c6f4abc2435ed7c351f536fc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd462319afedb90a10bff534e01d4be2

    SHA1

    c4d4f153c46859cf19f453e6f8351adf3cb482a2

    SHA256

    2d1bcf0666d0904a1474557d42b9e6eda5bd40a1c98010d0562c52e7836f8456

    SHA512

    36b13f473f0c6b06887245fb502bb7922c172f66b4e555eadf7d3ff9db83f9052fe073cd1e42b257dedd082d906470128a4ef18953e20b01258a1b2be7c81579

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4c6b795ffcbf16fb9665cbf69e4435f

    SHA1

    636b5fd6007dc169763a54fc61a9324e56d568e8

    SHA256

    ae122448c81400119e43b7223c6e82495dd943ca1f87962619e143c949be02f3

    SHA512

    9dcd84bd5292d238e4bef3bfc8d926368013cc4f6cb350ff41ff417c4a0d7c9015ea54893f44a0d7cab413ce111bb5ad86110c376f8386dda0ecfcc1a2aea7c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4e42cd3f68084acb518f757cca10602

    SHA1

    7b41dd42adffe32082fd2dda0865826bab33b45f

    SHA256

    3146613d2b7e7889f3182879d3f5b05ddfa2868ff3a5c3cdead6bbfce0bf6c94

    SHA512

    71702fe9a2c8b79e43792f6082d3f6497c9b47e13e7eaa596d74c1925592e3c2e1e24d5c892822c683dd04a58e6fd113066c97b006f9068782dc0184e1e8cf3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37e88f2637ff982e12d1035766de7fc1

    SHA1

    2e4d7dd409979d3dc75e2fc009f0b9e27c56b81c

    SHA256

    1573c571796583304301f689a3b4649ea1a6317dc7d2b338feed130bda646395

    SHA512

    633af4797815a365992d91c9e6b1feaf20f45dac5c200ec0ddd8f200e0728a927b3aa08966db5e67ddc291c4ce64dd857f74772e5e0f445523e492fa65beae0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4639ba3690ba116aa99b6d7eb909bc44

    SHA1

    e5de54a6ae669a0264a872e859a359d3e6c3ad08

    SHA256

    b411b5d1c27e60f045e83c39a37857c3d3b19471cd6ae7b47d585b7886cdd10a

    SHA512

    ba87803cafbb25f9e8e84afed5f6161a2e681d3b0ddb75560b5c8f1952b00f4fce7371e670240a00dac8b3b22542a135f83422b45c614b1d158f89fd58634a6a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE360.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE42E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/524-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/524-2-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/524-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/524-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1816-6-0x0000000000780000-0x0000000000781000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1816-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1816-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download