Overview

overview

10

Static

static

3

4841801375...e4.exe

windows7-x64

10

4841801375...e4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2024 20:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    484180137520ab9fd4226f5f6bb863927d9b23971aba3e2a10158e2588f6d8e4.exe

  • Size

    1.8MB

  • MD5

    935d0fa1882822e85014a7a9c1834e15

  • SHA1

    5d72b82374465cfbd697adb20f21b2b2b18ef033

  • SHA256

    484180137520ab9fd4226f5f6bb863927d9b23971aba3e2a10158e2588f6d8e4

  • SHA512

    e594f882324fcd41909cd743ea0e5492bf4d1b63435a41b2bef76b0890a6a8830b0d60d8a72a5e47197962c0e4b92685adf0212300b6e1a8211373a01ca8b1d7

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO091OGi9JPnXixUmjkfe4o7AWibjwC/hR:/3d5ZQ1XxJPXkUgWe4o0Win

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\484180137520ab9fd4226f5f6bb863927d9b23971aba3e2a10158e2588f6d8e4.exe
    "C:\Users\Admin\AppData\Local\Temp\484180137520ab9fd4226f5f6bb863927d9b23971aba3e2a10158e2588f6d8e4.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Users\Admin\AppData\Local\Temp\484180137520ab9fd4226f5f6bb863927d9b23971aba3e2a10158e2588f6d8e4.exe
      "C:\Users\Admin\AppData\Local\Temp\484180137520ab9fd4226f5f6bb863927d9b23971aba3e2a10158e2588f6d8e4.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2256
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2704
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2272

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c8ba64d5e09f2d9ef53cfff43c832ad

    SHA1

    ae4f776cd6821a2eeb685825da93c94fd4e5baba

    SHA256

    10172a45da28e32a16a102a35be705bb0e47f5de88eaed546e1abc756d4d17b9

    SHA512

    ccbb6b343caca921cf5a7ad3209f1903b7932653d45ccac7632d8a43bd1bca7f7fb6f6f897c5fb3948955606717dd27a316453f1e036ba4dc24833a575d98785

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f0053cc200671f54f5a7bcf473eccbc

    SHA1

    2d9f76cab287c89bf2053a932c164da59e9e5375

    SHA256

    e9cef7161008a45cb5fc042abc255154d6f75b0009aa3dc12d5a0314ea50d3e9

    SHA512

    65bd1f4fca32c271a8d04e756a69a2102866a97e3702bfc275c144857abc114746161f4474a3abcc4139ebb0ca681dbbbb7e11b4a6cacd1d6cc8a7797f3d37ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    458731e1ee1f9cde0c328df58b01619d

    SHA1

    74c181950abfe4ca86b5e9e2647f5781533d57d7

    SHA256

    d97e44ca7f63c10fbecff51b151b89078b38c89565237122f952ef7ae2e4f199

    SHA512

    4fff684e9e12367a543bc94460ec03f546b18be31a894d85b9a85b95a15be87f49fd8df369db3ad5c778dbab8a51399be5b99489d32be91e229798a84bd96bec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6b39c83cd376233873bd54f72b6032f

    SHA1

    d9c27af34389ec94ba9fc1f4542e31419e880258

    SHA256

    b61eba29e32aa52f94b8af4bffe2410b8a3b5ebbbcf397258cef3c0aeb505c31

    SHA512

    256fe6439f4eb23b9f9c058821a6e4e4c23fc543a8e9fb74a2bb1a6c7584d6ce4a426250795c6eb7f0ea633cbcb4d143bdd9cf99623f262e0e4da0148133541e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb81492ade74fb621ee7c54c9ac7d79a

    SHA1

    4e958afef8fa02c425cd90b045451afe8d408dc0

    SHA256

    0355015ee62c4b299601729c7099618092d81f09bca7ae23791d5766dda11656

    SHA512

    4ec3ae366f1b339cad8bf6c60c46bc19692bf6b9ff71ff94d8f2e62a1970a9db72303655e09c2ae96f9513cb23bd601469f2069b399f0a801335bc242ec0b416

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb03573f6fa837a36a99b23b9e75c27e

    SHA1

    4e6f1d05957c26f8808fe979187185629b09267a

    SHA256

    4c3cc8f23ae6b2004db07f56e2e4e05310fc428661d14841bba09754c5f0ac23

    SHA512

    bff2b4792bd18c7e0b23bbd8b0136a6770eae9bdab6f616941104a9a4827250da16a3212f5b16572b3c9de4f39c5053e7b7a17fdabd9596ab10d77bb8c1d21be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8409fdd6ee6705d3376c233ced3fc116

    SHA1

    4a43e6969755efc971237d39f5f34f889fc01584

    SHA256

    091ed5dfbea5c2ca5dd1473d7ffbba825281fa652f338cdacdc05afc2db009e6

    SHA512

    f496edcb9d52346c453553f5f20003a3e418b51394b505b2133b36a39fd3d99442ee57e7a5f3ea40a21ef8cf86ec632c8db8dc9501a44c1985c76c1fc2c9a164

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe4ff73e4ff34544b5bf2f559cdbeee5

    SHA1

    92e5b2e9a51123abbc4214087c480a95fb311955

    SHA256

    aac52cc5929e946ff527dffaebc762572572ee57d04bfee1186f9cf494486627

    SHA512

    49e8d3ed73561e546c0146a6c3d4e4430058a1789f82145370885a64602fd49d0b8bcedfc223b05d86a241679458ed4b912b2dd152d9705553b7c018b91884ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24b412036c984bef8d22617839fc8bcb

    SHA1

    9ee6697487fe09f525d57fb4bd0f07559fd76fd1

    SHA256

    5ad8d30f614a959ce47ffab1eba84df559319e11d191ce384bc79d436de5b038

    SHA512

    5af93e47e165451a1d36a85c21136209cdbb0f9887f306db6ce7855aa169055de455c208b91d683eacb1fb082ea50dca97596db674d4674519b528f01fd9fc3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c4ac32f92d44796c093ccb042e0a6bb

    SHA1

    6036c027a1a79648359bc1060047d5c119ce2e96

    SHA256

    9b2d0a4b42b3b70da4e1bdbc6a3dbe0d034dd99049e39dd15309223574207785

    SHA512

    874090f6a78a47be8f3da196bc202203a1db506b98c985336e04c53c3867c221187059b1fa3bee4395fff7f8e3e000f3d946afddcc59db6ab13a048cabb308d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2fe8f844b4d72ad50438d66b1220c0cd

    SHA1

    667816fec8ca2c42bc75f8df44b976b219562ec5

    SHA256

    a75c3f06381c985d474f77af517f95d974f1832a9738654fc1905a78bc7f801e

    SHA512

    f8d7e332448b3258d4fd40579034956b162f088cb82ca2c5fe66d158e789b73ff6ec3a4321cb940b715797674dab394ee8f6216b1005611b1c336171ff142ccf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b39f0ecd6b77a84f786eaaf1cc98ab9

    SHA1

    014fc60faa01c0277febc816c2f0e1e85e477184

    SHA256

    78b592bc994b5608f5e10fa132269586e76d9e7c5233f771022d3e48da7f15db

    SHA512

    084951d383289724348e7d17f800566d5dd7b385517527dbd17038db6aa8e23f88c4fca0c20606d90e6ba52bacf17d22cf61d9f9610611901ee825087a85c7e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65e2501cbd4cf99554322cbcae8d5a76

    SHA1

    1d40a1612ae40e642448ab319700915a6e7acc0f

    SHA256

    74a37d722cc0d97e5f32ac944a19baaae3a3ed389ce5532f773bdc58a5e83d76

    SHA512

    06191129e72fcc83ed82c4867b1d4db52f9f0163b018f7a33b432db967b44a4920af5ba403ea7bb12f2a6ff9384371e8ae138091379cdd03edefaf0da150f5db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be49a23f2a0895453d9bd310b54ea6dc

    SHA1

    40b4fda9aedf8b2ce1a89091241d0505a3281b3f

    SHA256

    d6ecc78698b8570ba61aafd86d1245936763f5cf459dc6b09ecf255cee136678

    SHA512

    3fb5a0768190c8ded574d007e9a3c09d4d458f9c0880871dcfd620a483f60741afa84b677795372c9663f7d40b1177c02dfa63966c2e16ef4a7a923cae194212

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2cb26bf068acdecf19615aea84c88d95

    SHA1

    27158fc258baf2c188cdea5a35d7c7cf270cbd1c

    SHA256

    68d7d749eccdbf5d849878cd0879f229d4a60e3eebf4115ad5bdb1f68065ffc0

    SHA512

    049a0ccfcbf8eca0a2a4f1fe2f3c96d951621a40a41be5cf520403998ba559257fa8092caec4d485b8ab7f884a9db899b5ea9ee295cc0bffc4b6a79f77c08b20

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    142124e39a2d2aea65e0535401422726

    SHA1

    dea063e74c237ca572b7238ff9b962e4548b23e9

    SHA256

    a9e4810a80dec683c8ed789070c82137cd81f109b71ca54120ca0ec0e7f2982b

    SHA512

    59330373d696a555df8e7174e11dcc8dabddc21d816b4b55ef55832d92dcb233abbc749272ee12fc8cb9e609770ae39ec6d6c38b113ddafca8e749a4f0e697ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89a6af5e007c8f93c97fddad2fd77ca7

    SHA1

    5306cdb09ebb49c5ee1311b1de0a0f88fcbb77d5

    SHA256

    a2e677bef8bd8abfd9158f1c9b92a5d5627b61231fa9d24f98cc316e4fb547ed

    SHA512

    34a5e3baaf3c0237dfdeb739be4e044f0188a27b3a656b2c2c24e72e1ad7f965804adfcfbcea0e47e2a5c2cef6e388648de8a5fe8cb35e888b2fd3a65a53ef31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c1cbc0f88cd023a37ef2bcf5e885fde

    SHA1

    87a692740d69b17cbcb2b7ae3f0c6046e9c83558

    SHA256

    17439f6a97223fb3427895286ad43cd3459f04d91f5ffad9b2367606347d0e36

    SHA512

    1b3ee5fc78f2aee469a67852dd40a07b5a5f9472a0a04b70d9b8cc37bdf0744bce7ca3432e67ead53307c28559857c44476b1e709c8211bcbdb6731fe8ff7685

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCE49.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCED9.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1636-2-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1636-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1636-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1636-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2256-6-0x00000000002F0000-0x00000000002F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2256-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2256-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download