Overview

overview

10

Static

static

3

.exe

windows7-x64

10

.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13-12-2024 14:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .exe

  • Size

    1.8MB

  • MD5

    af25dc5a87ceeef592b39db453556cc5

  • SHA1

    d7144da6707271544dceef81767a731db26c0f70

  • SHA256

    57e1237c4831d5bad7540e135015262a9f3666c88b3eeebe2181157093498a36

  • SHA512

    e4c0fc8b166c04bdf8580b882a975dce00d67ec3083be73fdc5037f2fc331ccd7e23a3144a993c0123c04d316f3c545437ce76dfb58db2180507ade339cf06a4

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09YOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1YxJIiW0MbQxA

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\.exe
    "C:\Users\Admin\AppData\Local\Temp\.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1568
    • C:\Users\Admin\AppData\Local\Temp\.exe
      "C:\Users\Admin\AppData\Local\Temp\.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2744
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2676

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47e144e0f826ef17e61500674fb543f1

    SHA1

    2e41523fea99b9d4fbd3ea038a182d5aa663aec4

    SHA256

    abdfc372a0a39486a0ab4c1005f310aca9712f578110fe3551a9eb35a10a4874

    SHA512

    b620083a34775ac465735f5388d3a166148e3b8eaf58434445fbd12cf0a2c3d9a5bec1d99b2b5d66968c4322773b1d500b46c3494a4751aadcfdb8fdbb4b5d48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6332c16944af0517232700352368631

    SHA1

    bdc61ef50cb3d44113e13805e1d1a2c4d6154eec

    SHA256

    61f5240275a9424a4412652ea8218ae657664b8b9c8b5916ab9105590263030d

    SHA512

    82b386bc2fc7b7579cd560b3de67fa7e556402e0483cd9b0305383a2c7a5e27c4725f5cffbf5cef91c245d6242a94fc6dd18c54c728646a02c161da3bd29ab89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6c43d27e72b0ca868babcab9e34d861

    SHA1

    3b276bffb1430e30cf367a554beed17035ae687d

    SHA256

    c1e6cd60211e90705c43b25f9bbb00511cbce76a91d4446facc951e223a7feb7

    SHA512

    d7000eb8bd98bfef90353c7a16c93657d6cb5df965ed7e44267a59696480bc71a159fd7844ac6b74ab77d034d167a307ec074a20c1aae83da8e20052d3c7dcdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a34657a320f9928aa7e96bcfe5061364

    SHA1

    ea4ebd1485f86398ae6274d5053ba9f12140934f

    SHA256

    f949f2a97820cdd02a1a61c5a3ac0f9d457720b52dae9027817a009729e676f6

    SHA512

    d754f86e5188edd461845e014560d6e6051387c2f0b576c853b718d2f686550af5bcbd96e252124c6ce7a642cabfce243b921161ec46db66fced63cadc85a9ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ede6682c4d0aee3f530ebbbd95a7c57

    SHA1

    ca5979d48e8877d4d02e449b173bdf0ab4bf898f

    SHA256

    ac8d01906c63893e8dfbb6bcf58afc259afc616eacc10fbb89572763ca639595

    SHA512

    c15218e60dc726b28bb3074a578c9a18d4f5be72a8e738682c295b32ac99a3465d7ab567322b5cc3ccec59a8f5973f61bcea57c26a0f101f4a9a28cb1cef4937

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f35fe49448e07a48363b2e45785cf464

    SHA1

    2e6ddba1501a7ede13178db86af4878bc1ff40fb

    SHA256

    8c7fa8eea28b97ce32714d656658bfe9ca04160be6c4390f12c31d022aa17127

    SHA512

    0efe3a03372966ffdf6b925f59c72f4025f1262ad12356e155e57dc2e9b26b4897f8047730387b68dd08f4f11aad09cc5b26d0b5ddb7bef64c93bfa69941dbf9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ca2b56e92a272f0ad41251e5b9dfd6d

    SHA1

    89a9618e0460a43bf4c9bd0b97356aaed5a053e5

    SHA256

    c05663cd30005f61e3eeb92b02a16b0db578ef0f8085d92415fd785f4c98ef8a

    SHA512

    61bb92ba9de0ba7d2c39be9e10799130bcfbfed3a6714e8de0fb306b44286d03a85b7f67916124a1ca36bdcfae8780e2b397d412e750a5e04edd89212073fbdf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db3742956bd1b9883f098dee875cc8e5

    SHA1

    2601040c90b84d600cbab7eed4956c9adf50ce37

    SHA256

    a5793927a0fe3c031f5d34e72d05ffd44aa98066133beb5d7374cc37eeb7bb66

    SHA512

    9278a60e758fed264f123eee33e20bfbc243e66f1adab478ac0c26b87d05a97cc1578bf6c45fa3fed64742a47a31a376281a22f08bccf491c61a0987db2dc595

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53964a929175fd67c92f8f4e2b316cb9

    SHA1

    b0ef671a7b28a2b3fdd482ca24555283663893bb

    SHA256

    7c159fa4a6cb5f2d227ba150580b73f0fb9bcfd45d6bdc6fd23e0f2e01f877ce

    SHA512

    d250e6921cb6aa2172a01d3a837b609cc472fc3cd452acee27d34c1b072148e9ad00af0c9602dcad95fa0eba7c4691d17dd2d9a063d9b888f8d35b3a3de80f53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47ea029ed43abdcd12ecd00c10938793

    SHA1

    de1974a7c912f0c12bdd3daa929ffad2dec41b19

    SHA256

    6a71751a514c4c5a14ca7b7bc21b63566aee30624b373eadeb978aa61ac10f39

    SHA512

    e594f6a7c9da3cb2b127a95c7ff88f48974dc20457522d2f0094a14c8d7230227d1509e7feb70b1eca63ce0dec19093da641455c42aa4e4927883c27b11cae4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c26f1446b12816497cd7b8353e9033c

    SHA1

    3606fc5ba55cdb761d6dbc42e6bbda501e0fbe9f

    SHA256

    9eadcd7b7fecb4af867f8253bf371147f8dfa4fad1ec436c59693efbd1199a1c

    SHA512

    3d1dcb6251f7adf3936f0222dd6acd2fb2e4dd8accaf624be2083c8982474913c7995fc383a1aef9d968926ea4c1d42a98143ba46e3614f4fd6166ec2090e9d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    508c4bc949ba327b17603bf271673387

    SHA1

    cda27d289cbd84f7bef2a8ea2c2ba0f03766fec6

    SHA256

    9621d125c3f90531bc2559c7a0eb190e2dc5546403acdbc1d76db81f06cb13fe

    SHA512

    92133022ab6562f98da77cde078457637062eda7a1510016fb8a099653f6be84536f59d7c7b125da608f89471a190042b0f46e887bf1882113ced85a45a73e74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a979107f059331d65b16b8e3b97099f

    SHA1

    9e89a9d0a57552c0f84db69abd33944bdf9f88bd

    SHA256

    b4b8c3bc198649730994a2f59f30140e3894d05eca6a35bc910f39752683d222

    SHA512

    33b13ac21f26edbe77bdc4370314d6a307dc37d2a48e0981cd7a097b5ded601d04722a5c6902d6bf97c62ec591b4e27f177c2db7b48436242a43feae3cce9942

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f170279bc84fbd8626343067bf78527

    SHA1

    44a5e14e8764e19bbb4d53cc01397298631c0acc

    SHA256

    ebdfbe81164892a7b3c61b67f2d384d3b79b947fa9ae7919e0678e4cc3e92bcc

    SHA512

    7148257c662fbf5a79f63debca7982b8d8dc0adbfdcb4f9032311441aa0bfb744d430f3e1838d7b77cf572276aeb112e08b80d092158b029f6f95b060d8cd2c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57a82185eba225e52b2bab98dfc90ae6

    SHA1

    cc0aec180d2f1aac85647d1d4997224c399dcb5c

    SHA256

    b30676477a0cdf2b5569a5b02edeb94e506a234b5ab8ded586e870e47ba32bec

    SHA512

    408b102816550cd2ba74d1d8bfd689e3985d114aa7db0cbbc86059f0ec95c69aa17b74644b45f96537f789f4ac8d1e3f25bc62e28cf897114e5a165ab93b6a02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f612684662f6d797a53e5ea30aac5d8

    SHA1

    eb3f67317f324deb020a9467501558ee6aeb301a

    SHA256

    0d9498fe8a5730530cf48fc58cdda9a4e908de80243750f7da491f94e5e6feb3

    SHA512

    34be0a9ce663c7e6992157c3d3477731e26978fdeb3c7efaca59e4016c90e920918690eb870f8c85436def0d35807d11d7b65dd4bb8ac5169bb05053a5f04151

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a2cfa6cdef9bab839b59cae6a0b0af3

    SHA1

    95346109a244edbec195616345ae8c0a1ddab75b

    SHA256

    f3c8342cbaa1930cf19b8224c7e37c100ec15931572fc4a0d6b5eb58080c7587

    SHA512

    3641fd774e3f27f24d55ef3c2e298dd2cb4feb4276923bf1fcced082360323d7faa7e391b3c09e9abca16997352fe0817917a1831fdc82531fa99d6b3d4d0f7c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62adbd15f19681f796869292afa08c4c

    SHA1

    14f60dfdf0cc21f31de65e7035a8aba89bd68b2b

    SHA256

    05703f50829916cac03053ff546d05d0c83b49a0c7001c1b1b8e9684509830c6

    SHA512

    14659f6cc6798dc70de8bfc3e3408f43f6bc0cfa1245313248ae093eb708474fcb3be62c70add38302c28afad06848db5401be5b4579e1432fa7003d69909e02

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9F5E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA02C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1568-2-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1568-0-0x0000000000380000-0x0000000000381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1568-3-0x0000000000380000-0x0000000000381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1568-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2088-6-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2088-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2088-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download