Overview

overview

10

Static

static

3

4d304079d4...4d.exe

windows7-x64

10

4d304079d4...4d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-12-2024 19:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d304079d4b1a3fb7ddbd2ec2d74564a0eef6c317d6b084198914a4f6fafa94d.exe

  • Size

    1.8MB

  • MD5

    337c348f06b70f20ce6987e682d53437

  • SHA1

    c0a27d60de1ac44221e6ccea5ed13e08f3b312e9

  • SHA256

    4d304079d4b1a3fb7ddbd2ec2d74564a0eef6c317d6b084198914a4f6fafa94d

  • SHA512

    42e948d21d57c518b8cf72003cfee366b2b4f810efd987cba52189c5ac41fd1a5201f0742b878bf49ab906a08ae59b7c14daf39f3c25e5c3798d93d4ccdf365c

  • SSDEEP

    24576:R3vL762VhZBJ905EmMyPnQxhe4a27lpYiWdCMJ5Qx3j3QC/hR:R3P6UZTH2W+iW0MbQx

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d304079d4b1a3fb7ddbd2ec2d74564a0eef6c317d6b084198914a4f6fafa94d.exe
    "C:\Users\Admin\AppData\Local\Temp\4d304079d4b1a3fb7ddbd2ec2d74564a0eef6c317d6b084198914a4f6fafa94d.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Users\Admin\AppData\Local\Temp\4d304079d4b1a3fb7ddbd2ec2d74564a0eef6c317d6b084198914a4f6fafa94d.exe
      "C:\Users\Admin\AppData\Local\Temp\4d304079d4b1a3fb7ddbd2ec2d74564a0eef6c317d6b084198914a4f6fafa94d.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3028
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2660
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb6bcc3d6c9412ad55c7d284171aba11

    SHA1

    b00e3650c12970a155781350e43c069a72977621

    SHA256

    d7544e46afc786cd44f5524e949eaebfa26c6036755a5f215efd954f83b78439

    SHA512

    1033f82ac4fd7c1cc678e27fa2093ff9cc4e446b09e7c9af125cc9a26021290e14954999fce60be49f81decf19a5eaeffbeb875a31c8e004e7d37301ab93805a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3925ae86426e0da14974abbc2ae8259c

    SHA1

    28b6208cd6125cff4cbe753f2909016897ced23a

    SHA256

    ebc520c66bcf3525991db6f7307d28269457c8c1eb4c1350f93578053de6cbba

    SHA512

    1324146087060d2f96117e7d88324f117f550a54fa14c76795c008296a2044b9a9e92b519197870eaa052927f9a4d5923eb7c83aaee29e446cf74595158226b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3cde039eb1d665868336e3847ae3cda9

    SHA1

    3ea85a7c3cdc9140f34da58a5f9e35e35f61778f

    SHA256

    ed3f3a5669f2b7b8cb5e3d034a27b6a4a3c1f4b970a212d8efd5066cae13a153

    SHA512

    1d6ae9ef2cccf9fff7a4877fbd925168fbe5d87e5401f39c66715660ce135d40e4c64b6a7b94a611d51c309d592f732703d46c5900de892b857e696d1c6ab054

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dbe29001c6a55f1ef40d93a2f4077894

    SHA1

    7853994ab06dc5d4511b40d6a4d526511b84694f

    SHA256

    0fcd41abafc3a19ccd9aec65565eaeec734420c4e98ca9f6f893d0cc5e41d368

    SHA512

    4833b9674ccc7494f6400beba52766ff881d565c1f9b9dcb4ea8b3f719dce8bf6000e52a3ad7ab61819fd0a17f6ca2364ac170542656be8f2c528a86007e03a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    154445c75f22f7c8661157b0631b9ea3

    SHA1

    5093f3eed777765ce4fdeb9c859c95750ca84cf4

    SHA256

    e3beb2c20511ee1296d08d30785e41588c8e37bde65a66babb49a96cefb4d14f

    SHA512

    e611d2f6d6ceae67f7031c503a78e224e0abc294d513fc15a3cb07e739887e6a7fa474c340a8466d407f2576aecdf2d18306ac15b986b277598ba5f8868633a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8119c84c3ffad585b219bf610d869f73

    SHA1

    165560a526342a1574e22c0e65a15b00a1090ffa

    SHA256

    c82c3ff09d0a8db502de17f135c5c029fc3d27a5929f06e8a3062142eeed7f7e

    SHA512

    8ae654dea965f9e3b98a1ce62c547cdc326cc1467142e85b46b416efe13497987e9de29d74291d821143a891a4c924642f2284863c3f4c7bb6ce04af20608c6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4a660939a8692cfbd1001ef34949605

    SHA1

    99aae7717402624dc35c2091c59d24f964099b63

    SHA256

    41928309e2d6e212f24a0daf20dd3b49956b0c5ff3025f36cc1cf8b83b59566c

    SHA512

    b1e1918da004fbac260f49df7a9d824c1c20788f487e367a7200e29104cc7cfa5856ebca51025f0c31dba19f729eda62c5a1104f5275367ed1562edbe34f2717

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a491676c0dafc31783ed0b335b2a79d

    SHA1

    a1ed1cd65e78935edfc40c339abf34961c107391

    SHA256

    5c86b9fae75022f25642a486167937beb6cf202c18861599805ef54ba7d825e0

    SHA512

    890ac21b0ce47c9e6b74b306a25197bb089b91daa4b4999df983fd3fc43c643c72b21bca51dc0b0dfff75d626c6d7950acfa5577c23ebfeea1df004bec350252

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5f4aa4e2fbfff312480cceda2d9bea1

    SHA1

    b591be1b33a1b62356e15e9633232140c5a8eb68

    SHA256

    b635acd91a176818f35bdda8f048d2c35601b3560fd30b3f9dfb2260a443550c

    SHA512

    666b9da6a6ea255aeb2a2e59fc4ee7c265d316e330840ba09c28b6c92de5da7a44545d1056b31b34de83fcb982451b803846c583bf8b9f91103b01014cafae23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86657c999e1d31119ca38f74673b6717

    SHA1

    5075fa2ea7244bc9732f4427abe9aacb057eed7b

    SHA256

    69200a883a121686bf5dcb8c9ddbc6f36e4f611044787e1221902dbfcc066e10

    SHA512

    6dcc8c995b45f76f2800f4263ec01c03c2a14e0cb3615b61aff6e6df87e680381538e32ae2a8b37101f41e7dd23c5a5e93619d1588234ac01e0d7bf02f06ee4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e27935b6f0fd49f3deb7ad6b5672c53e

    SHA1

    87c7eb76d30f191eaee58935e71e3e56ce2280d5

    SHA256

    b5aa8976cbcc78b4f0dc3544a86ff83a45931ccd051f67773904e683287cbd6f

    SHA512

    8dc4be855cff2a93bf2b0ec25a4bbdcd08bfdbaa886ddf7521ecea77503cbd765baa0bd43b7ecc29ddba20a6a3e4b7e2ebc04392770c4ddcb6d59acd809f2d29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95db8fedab2babe985fe226aef9a5d37

    SHA1

    ee1489e632d96dec4654112668b21b894762b2f2

    SHA256

    e90a67771a575d39b6e660858c2419f5d6a6babc52bb56ff7ba29bf599655e44

    SHA512

    bd09fc3d16cce54a10cd4aadfd368a46e726f056cb3e7ffc0ac8c0b22d6f375c45c2f8250daba174ffd9321c7309180f78bf99f4a447c8c51ed0671deab8d4e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69255397f96cabfe932db4ba726a5bf3

    SHA1

    fc115d31766a06dfb2a70acce1e012968d2b9bd4

    SHA256

    fb64a7fcb32fe39087b5a1ae76e2bc28431606a5fbf1f285f0ed903c0e3003bd

    SHA512

    55fd3ef39683c8671c2cdf4b0e94d423df7275de19d660c7402428e9901bbe75e9eb69067c50656ca6931c62b7d8d6926861a192315fa1751fe7a90288a62008

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b8e87b01156f64cb9ced5eb45616d947

    SHA1

    04cb2ea158506c2df6c2d34a3d574505d1660c8b

    SHA256

    48885391d5848c43ae86258ed3585c632171173f92636c9044ba293b0cd2d1e2

    SHA512

    414fee0b55f842c865918e972a01ddaf540f0d20a2d2e5ad6b198b3c75affd0b22d6d4a9b9cba7c2616712b2471eb49fe236f8ee576614de0723376584f8da03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b77630e0a6047f2197acfc23b86b3c53

    SHA1

    9df3b5f69be1c3e4b1b4d71b97ee3defdcd7509a

    SHA256

    238454b267499c4533c87280b678678bc0be7cd7cd342278a7b24533d34b83c0

    SHA512

    36057292b82865d32edbef544703b0678313d6237c8899ee169f4b127044c50be5317eaad3f64c5fffbba5bfbeec52e70fbe804e0d472a17af84c1845541f597

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb6ee7f08cabcab38fbd21886aefd0cc

    SHA1

    21d050a34a68f722272c1e466e2c3b74b1bb1847

    SHA256

    c2cb60a915035e43c1cec307cfcaa12f7834793536d87e60e530d9b70db0e478

    SHA512

    e3e3fa65167b5eb6d4a632743ba37e0a28a2969ba03eb20f1e003af4ed5dbf17fdcb3c59c5128eaae0d4405e4ae6e5a9b73b802fcb3356c64a62f9734a945bae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6e3b9e300afd3ffb306a5627f9591bc

    SHA1

    7a567e22a5389cc5dd6fe40bb25d9ac1a1ff1d73

    SHA256

    a5737d60914a3444535ef644f71a125a846ea25c19676b552e90ed76489fe5c2

    SHA512

    4e516f57f3e7e1c287a12d2d16fe26fa293ad5090bfd14a0ab83f2dfe134aeba1011c1b874ca8f7f9cb26d8c719c00784d8a074f5365de1c0add75a71b16fb7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1dc8cf2a57f7e3666d4856adc03a5f7d

    SHA1

    201e565b0ecf4d777028de65f0ea475f1a272b2d

    SHA256

    ed1345069527f5a57d904f44e05d323df597f111c6354f379492ad26b8ed7dae

    SHA512

    ddef34d8ad5241207e2a2a69b313de7a769cd6fb0cd3322516b11d94f70a9234cc98abb41a9e67bb719b1cf136d1feefc1465b496a34d07339800b8f2e0c529b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3719092ade65e6da8cce3c7e318e7dc4

    SHA1

    a1ad242152c68279ab64a41b1cfe8f02666e2927

    SHA256

    74ef9b22e3cd3d203eb00745e9d3ca9e2b5dd08a6ec8ddfe5316aadae3943983

    SHA512

    87baa87d06c443035394fedb918a08c3dc1147924914b4a561529a11953c6cbd97414b9a0e9ec5235e055a24f901307fc7ea10144cf078edcd70a1c61de2fb86

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCD9C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCE1E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1708-2-0x0000000000200000-0x0000000000201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1708-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1708-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1708-3-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3028-6-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3028-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3028-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download