Overview

overview

10

Static

static

7

2662610dc5...80.exe

windows7-x64

10

2662610dc5...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13-12-2024 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2662610dc5f01aa6d41fa53222b61aea879bc70475376b240597d209a6cb3480.exe

  • Size

    692KB

  • MD5

    d32e64d77779eb9e1f6996e9918bf35a

  • SHA1

    a0e7075e2d13fdefa4d689ad51c9a6d3294f0766

  • SHA256

    2662610dc5f01aa6d41fa53222b61aea879bc70475376b240597d209a6cb3480

  • SHA512

    82c0ebb69091e83e8bb99fcd0b41c4e583d9ea1b4b7b4eb14ffa78978c2f0630a251a29173f6699638f4c40168cfef60458b92d5ab25d2a05393aa92600b5c12

  • SSDEEP

    12288:q6f13oK/cDVrSs0SYnIhYqkoIgCJ1y0Vm1uIf59UcudQM9zU1Jok2fP4VT:q6ftojDBeSYnIqoCTywjGzh2

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2662610dc5f01aa6d41fa53222b61aea879bc70475376b240597d209a6cb3480.exe
    "C:\Users\Admin\AppData\Local\Temp\2662610dc5f01aa6d41fa53222b61aea879bc70475376b240597d209a6cb3480.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1840
    • C:\Users\Admin\AppData\Local\Temp\2662610dc5f01aa6d41fa53222b61aea879bc70475376b240597d209a6cb3480.exe
      "C:\Users\Admin\AppData\Local\Temp\2662610dc5f01aa6d41fa53222b61aea879bc70475376b240597d209a6cb3480.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2116
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2808
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    622553e5fe3c735b249ec77de17763d0

    SHA1

    9d29f31ea7eb1443c775af096df1ab591c708854

    SHA256

    6d58165d778714e3cfad71be9c1c9d4984fcf4471683f01927251318608e8067

    SHA512

    ea2e372911bc3ee858ee8afcd88af17673ce490322c083f679fbcf457c8fb0ae640108f37a6de32f34fcd2f9bd92ebe2459f6724cfe99859543c0b0c9b1c79c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b05b8a49fa1dd48f5ad27878629a0f42

    SHA1

    3dc77e177a4c35a6447d1abeda69e451bea70d86

    SHA256

    d18e41c751d38cdfb8ca55d2b400c82434cbe5f0be8639ba19cf1dedc7ed6e7e

    SHA512

    db6794ae67b2691df97d1d5320b64c7547e74b3562665d2d40d4c7b457f88363f58b062ecd1cd8b74d24a3aba003b2ad722852ed651d6bd3636ba3a75cb14919

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cd8c890977cc389073ef9b6e19d89692

    SHA1

    91f37750220e26671c1a2fdaa1adbf844f62dd4c

    SHA256

    13039f7a8222ffcc7cd2cbba4c080ea5ef648b5e46c9a0ba4f87014b3798a906

    SHA512

    6a3fb23eff2cc1632ab283a32beeab46981388829e0537fb1996077c344c956e98a226451eb778eee05192ed513638a7381ce7b7c3be9c2e60b7e655ab9865b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    532c487c1ee8a172c09714c4baca1905

    SHA1

    cc88524bddf330ca8a76dbb0e8b780c978359641

    SHA256

    817d1bc5b0810ceac46d57433ae1873f41ab19665d26491b6f63e6f262455736

    SHA512

    1d5b5e6ce38a4c95a9fa4316a26d5a32c7d8f59d21b443fcbbb09e745a7ac20bf4785406d365af5fafd1318421d650ff9d63447688a63926c0b38ccd2310a405

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c9289668c5b254ae6a1e53d7d955c89

    SHA1

    42e7d772da20d5a559c231516199fdefad5152d3

    SHA256

    3fb766bc1defe1e750b87d3e2ff21115dadd47396fb25bc59dc562060a47cb7a

    SHA512

    6168dfb367b0ba4e70ec9b2a206d5cb00a11b5c92f2bc5e28f1b4cc0b6cebb35daf4cc1d11bbd39717a89bf3498bcca34d46af1d0852c8f0024d6809e819454c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c6c0766f2b5968b58b179cff37961c1

    SHA1

    3f18ce1952ac2ae4be7430b50819f8b0e71647cb

    SHA256

    46631a5af69067110b79f67b24aa03b8690a10e547b537e6ba13ef8cdd1089cb

    SHA512

    7684a9e0fd5e09401601d695253a183e455cb4356457618180b893d35cc53ac31e92ede1dcfb377c7d093aff927ae3ad6cac396611ed65b96f97d4e959ce3dda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b657e48c599c123be63da4832c36a801

    SHA1

    15a878331c4ee0c55e1650abc954e560ac3ff4c7

    SHA256

    84da65571c1e7674b807b89f3bf77999781e0bb2e5043f4ff1450d668d71ce98

    SHA512

    6a2012701f87a76b87efd2b4a30dfe887701f924a53e718ebe0bbae937ef4fbec7e6af1adae6577bc6fda8effa20a7bd30d99f9c49a019ecd22a2c9c803a30df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ff5b71c8b1fbbf799dd56c48fa6a087

    SHA1

    a93a5a8f17e0752bc95468e3a84c3b8562ee92b5

    SHA256

    2b9d64154cc235204e7fc993a63e7d019160cb3070e7f6b1f5d0caafeb142831

    SHA512

    28edbe26451b17ecaf70593d9e1dc2f25d9477bad65ba1bca63a0549393792d626543bd83b753d29f3e07bbb6db4cd5bc8e3741b34bd82b131572f8c844de569

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0655c90e8efcaac1257dd81ec416cbd

    SHA1

    268fce82b4e25e44895da10d9d111f5c9fc70c7e

    SHA256

    013dc63838f79fa428047b7fa4c216af152f97a1f82eb2972a7e0a6f09c3f5ac

    SHA512

    4c3117aa3777d4cbf7e3196007e355bb2f5b5bdadae5bc565989db278280bc049613899674112674ca5794af84b1d05dfee7311a96419f2a568ac4835c513590

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d09f013f87ba9d70ff03d04dc678ddb

    SHA1

    37df3ffea69ee3cb1fe9d886e6afe947aa6a5641

    SHA256

    b676b53d6bfd1e8cb8538e727c551bd57058e79b941f170bddd7ef72c9e4e8ef

    SHA512

    243d5333caff36d03049a2bda7afc4cf02b411fadd6e163a808b45852900d884071fc6a0ef8c79c718432df7302ba816f64d76be682fcab923c3989157e306d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a95a9fa415cd9630462e8398eeb65691

    SHA1

    79000253c58be7c33cbe9a4a8ca9acce768533e1

    SHA256

    e6077464419e5d4f2bbd9ec82d2fc8559faf72eff108b5a58eadbda4a5884753

    SHA512

    8fca203eb7c20d75c3e9f4c7c08e2179786f4cf7774d4e349a26314dc423a8e4c8467ece15197a725bfa6d2a42f17c98f4b257683799cc5e52742fbfd48cbbb3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    799f78c2c68e5f4f50458a22747153b6

    SHA1

    f052e6a3867710e00bb8dce87f73fa558ecef228

    SHA256

    d61b6343127271a4ad67c65ec815aa061a05326cbe8babfedde603c0a40684c8

    SHA512

    eec338c4205863891f38023ccd5f2a8838301170717c1e2a840eec40c982cc7e26ebfc23d61af3fde77f1a74456dd6763417abb0a0557043b43f3e07843b914a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e1ece0baf9015282ecbb948f74eb7fc

    SHA1

    57a3265e9db75138d447a917a60e8e8abb908969

    SHA256

    9a79d2e773bc720b551d3de99777a899b7b385aacd27e3511a4644eb45f1d3a6

    SHA512

    a03acbb57f063e4430546c6ccf6f12cb45ce679615a05e8dc1044fad577c889c13cdccb45ac8e5289e9bc0a11c4c3d793bbfe91e05ecc01570149aebfe3f799b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    843301ff64882e08a7d45565a77f1760

    SHA1

    99817ac8454dbb1590052f8e1e9107fbd3c7c487

    SHA256

    6b288a99d59599d09db267efcbf790e30f5edb26f1a0faf06786c68bfafc02b1

    SHA512

    94214e2ccffc2614c628c7f9c52998938c577a0ebc1850282f2e909b4428bdd0ed9a4579ab86818083e23863bfa4c32e53f032f535bd9a93d81d9634c9f8b8bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b145e2d1c1c53be69adb309660b9bed

    SHA1

    ffa7950f027f7fa2c9d8c27115f6a44e1277e2e0

    SHA256

    feb1474721f8573f7084d348a777b625c24154fbbb9735016f75348fa74a53de

    SHA512

    ddbb4167d96611bfc276d25a97c35ed4bd036d63f438ef10dad5403747d0e48b6293dc9966d6ee9096bbcd00c74c89978522331e46be19937202fcc17d34dfb9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28f059013a83554d299fb906ce50fce5

    SHA1

    5cef07916bdec56d8af5f4d15fe36537d1278bff

    SHA256

    30181a34a35c88430171b9c2b72621ce0d4c6a57f5a83f08b357d2e133c19278

    SHA512

    ca8967a3ca837624b9509d03592eefb2ac8467705aa8feab386994171af4b471a9d3a4e6c389981f3d9ec12da5f14cc1e1da0dc12048cc62e4bdb0e6c8daa3c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    724fd8b057281bac97d15114fbbf15c5

    SHA1

    1c858c2218654607822b585b1c7b23946223f2ef

    SHA256

    c5b77755ced7695f1379e7014900adae0f171fc2525b98eff9563e50ee300d53

    SHA512

    f3d225d97fbd3ed3da83cdcf66fd3dc864bb1ef5005451c62d8e1d13ea92284bbe0cfcc9daf9d7e692d82f9312852e9693a669e2243e7dbf7b1857c2cc202a36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    067ac6fbf131c892b6315c0174069968

    SHA1

    8223116cfeb36343edcaa47a7e8a66e6edc9e5c3

    SHA256

    02097a0de3bee59caa470648b4ba185a0ecdbea360034654587903826204ee6b

    SHA512

    706e709c354b91b919865028271bbb2a536765d706b8dc6cb8ec7b68fa8179885c00ecd0ecaa5dc0a79ca8e9adfd934a2639acf2ab3312c82a95992f6d950ab2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c2221b7a98cb53c781e5b353eee37a9

    SHA1

    6829b40bd3b3c27077f64625b662cc163cf3b6f3

    SHA256

    ae043035e2af4e572fa0e436f133ff20a06e94d8c1f8f5ffa37e23bf71fca24d

    SHA512

    31efa92c4ef76c542410e26dc10b5bdaed86c1544895aa638b926f9bb307ee90e35172209929d358d08587b176ae1c524ed19f40462540d551145d29d59ca5fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16ce9610a667364aa51c1317a2f05ba8

    SHA1

    234491b5ad4871f651b2b55416d4ca6294e2aa12

    SHA256

    b218f2fcdede613f241f3fa7cd7864f4d2d737329649b55a65969e6784bf5353

    SHA512

    c8c7a455d5ba435c40988325254152ff695099f15bb663f69c3f3e66352f5345c4ca716c4d37bcc445903320f64f52ba4e88de933bc1ae32be4d7b26f13655c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96ff3a672d207ae54cdd2aecb18488ef

    SHA1

    4c3fc9ad3add306950256121b67d6b800e571211

    SHA256

    482e94e7c3d6d306cf2db79e71477dc4e1bdaf92a3ebc3b2225369d256a71f6e

    SHA512

    bbf6e45d02af1653249c4336db9c5100c80857bdd3ca93fdb0e2363dcc334c75afe2b312e90efc4902e629268744db3616bd8808e3e8bcbb77e9a48d6c110d95

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9F00.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9FAF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1840-5-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1840-1-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1840-0-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1840-3-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1840-4-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1840-8-0x00000000036B0000-0x000000000389C000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1840-2-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1840-15-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1840-7-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1840-6-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-21-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2116-16-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2116-18-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-22-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-25-0x0000000000400000-0x00000000005EC000-memory.dmp

    Filesize

    1.9MB

    Download