Overview

overview

10

Static

static

3

57e1237c48...36.exe

windows7-x64

10

57e1237c48...36.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14-12-2024 03:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    57e1237c4831d5bad7540e135015262a9f3666c88b3eeebe2181157093498a36.exe

  • Size

    1.8MB

  • MD5

    af25dc5a87ceeef592b39db453556cc5

  • SHA1

    d7144da6707271544dceef81767a731db26c0f70

  • SHA256

    57e1237c4831d5bad7540e135015262a9f3666c88b3eeebe2181157093498a36

  • SHA512

    e4c0fc8b166c04bdf8580b882a975dce00d67ec3083be73fdc5037f2fc331ccd7e23a3144a993c0123c04d316f3c545437ce76dfb58db2180507ade339cf06a4

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09YOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1YxJIiW0MbQxA

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\57e1237c4831d5bad7540e135015262a9f3666c88b3eeebe2181157093498a36.exe
    "C:\Users\Admin\AppData\Local\Temp\57e1237c4831d5bad7540e135015262a9f3666c88b3eeebe2181157093498a36.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2628
    • C:\Users\Admin\AppData\Local\Temp\57e1237c4831d5bad7540e135015262a9f3666c88b3eeebe2181157093498a36.exe
      "C:\Users\Admin\AppData\Local\Temp\57e1237c4831d5bad7540e135015262a9f3666c88b3eeebe2181157093498a36.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2108
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2688
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5fc6cda5f60be96b021346af38ace91

    SHA1

    c9b741f5729ad391715e86acf5b6f538fd720c74

    SHA256

    423a1d027e6dfba714797274b23a6039b9dfd5b43233a1066a3c72aa01087929

    SHA512

    7f0828c635a5dd7678ac47ef69187a523746e0ac42f7d7a016fe036966256d88aa809132d72e724fbac783ac3c18eafef84d4dbf7a36eb13a6a23ddfecd7a33b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66f01b7f1e5a595be8cce45528780a7a

    SHA1

    c16aaa0b17ada9297eba6e4b5ed8793d8e88608d

    SHA256

    5374b6c031fe009f6d1ef9d40bd1d2d943b037e52c6ae72c0552d654ebbc97e2

    SHA512

    8c0cfd042882d0ceda318eae94d0b136af11c8584e82f02354403d8e87e9e989722304a1af227b5120bd7c6ee434690b5f12a883a302f56c0640bc40ee03328f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1bc3e5920c4f0f0ce308bb1af872322

    SHA1

    8dc7c2523deeefe84b6c54c68699fba805d42dfe

    SHA256

    5b30a187dbc3a4f9965c00f25dd0c5d20f568ec6b228bb4f9c61b8335f8eb883

    SHA512

    fb05fbbf57ea3fb117a1d9d6dc3c2631695e2bc2bed4bfaf1f98fc1e3b8b13bcecc0ebbe0dbde7bc296a4629b6830738fa0b330ebd1ee33c8f52eefc12d2a1d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b13af67135176a9cecd94b4987e8b050

    SHA1

    44fffebe65763103927099d9e5103ce7bfbcd4a2

    SHA256

    63ddcb23af373114ab0d0fb09a55dc17186ac8c7adcc0acaaee2a6144c70094c

    SHA512

    a815c5074f523cd79081a641504cfbcbfe7ca6c7f91fc68b76f006f90eafb49344fce8e95e91240ae7d5660294b475f4eaa1b448a46279d71fadbfd07d336f40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc2e8047308ab6b8976f3f77a9adfb9c

    SHA1

    4057695a7b229e8ecce8e915f84b5778242ee2a4

    SHA256

    6177d83c83a34a844255377f2b916c55f15a754db3a74a4c54889a328e43c6b4

    SHA512

    760108b68206fec23f64774c22c06b8225ea65768d098e6c81d10edb06fcf0ac23432deaaa944455a769ba665aa4368369cf5d03764e7256ea4239a5d60b2d39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75d668fc733324555ab71408a6fe5be2

    SHA1

    5e1a240c1a98efc2280374617c70c597571ea461

    SHA256

    db1b5dc432d726ed6c0e31b923d68f689859464344232b74a175c29ce8b999d9

    SHA512

    7ecc64efcff17d7de58a77861abd18a3b1d3d6e728f8749eb7d100fd769cb1441f1d21c4aaa3eece5ca2b793eeace46fff61bf47154c08e0ec2abc8022644d54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7004f8dae5147fcb088a88df5b26d9e3

    SHA1

    1d9775ca33ba22f63606057f960d54c21bb0008a

    SHA256

    a2a81662dc027c1f2473d92646a2b58228bfc686eebe330c928b75f44792743e

    SHA512

    0aed673820051b3e268cdea22ef85294ae51c69ec7a9dc3ad6bcf7d1ab95958adaa526e98fecd6e054f99d33628ed978a535c43b4f415b420b386dbb71b20b14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a11729e6d49e1dd5c412f95c9e8355d

    SHA1

    b6627ec60ac336b789cdd369f085182dca6b5fed

    SHA256

    3ff39d08e7fbd1b553d17907e4dbf25498d256b5704649b237e53dd620f56fad

    SHA512

    7a151e63aa4e5ec7e425371ba45fe0b66654b8caac20d9b746ac7e7b212a13696de2c06ce2cdddee29648333cca87b36f580150ff26e1d53acb4c01fa3ebbd0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d643e560d5e117a5c9a9cac2f58f6aa4

    SHA1

    26a0184e4660dde7ab9fa9fde258410838bae545

    SHA256

    3620453eeb38ecbba592a1fd5dffb9d73aea5c276f40fbf6dc09b76701db097c

    SHA512

    5b4f011b47ecf8289eddd98337d5c9da67bd8ac268107ce7d90befc84aae94c56b2ab94aa563a723361a22769a5bee2bafb19defacab96b92ce794096b1a4314

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca59f5045b6b5180f2cd16d7df7cf4c3

    SHA1

    dc54071f685422b7f35646d9245daac10b1703f3

    SHA256

    bfd949e8b37df1735a8f4dc2923ea82961c653aae27f288b21ec815cf2dc3088

    SHA512

    2b699027bdbd50b70d771f2245fde63a211b03e1d86af4c4145268a672e6532ebf61a69222c8b53f25df85525990b3ea531e167c8b8b4ceb7e1499a9b2c8b2df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9411f5082e7d9016690e5887c95edf86

    SHA1

    ec9f2fdad7937dc8a37c9033e1b3eb48baba945e

    SHA256

    853c16c3e4ebf755cbdb050735f03db21cbdc77f90c98350c9f921243fb5086f

    SHA512

    9f15b52c19da357d4b286d5639879f6ad7e2854e19cb5460c31980640a528ef7c50db8ba189c26f583dc037bb0e0d574b69c03d19a02ef20119dd2f59cc5ae60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b8f4bcd12f512a7a33106847ce204991

    SHA1

    ab266cbb9be4fa307e4baf2f8d608fe0e45a5d5d

    SHA256

    e312d3c29aea5bd5396c62e4e50c01269f3809843c2fe9193ec84c97c93c82b5

    SHA512

    b649f86601396b474a4dfa699b075e7ee0c0b99b7c5234db715673f07668e274f362de0a9c5b1f008e64d914d892a722b0c5fa81c2e82142fb8fc06e8b63254d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7c09407cfb0aefb864347a7cfc7de0c

    SHA1

    42e5992f8d1aa445d41016adfad6e9de953c7bde

    SHA256

    1936a3c81b03f9b8dfff1f74cc8ab88e4dabc9849af4fc17a3c8bcf2a019fab3

    SHA512

    507b0769b7b8dbfc2388058d053be9325e80fb94ab07d959d7e68b0e747637754c3449deb9d2f31738d46b9fa41fb86590e1eb79825eb93602dee32e91e53bf5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bdcc34a2872426ea4ecc7dff79de707a

    SHA1

    084ee87668c0578a985142b27eed6f6b033683e5

    SHA256

    eed57fbbd022d0447514749748657f811c9f1dbc7b153053010c102ff050af49

    SHA512

    c005e58c519c396f5ab3e1009ad0d7d1f93abb7b7e69cf3b65cd15ca3052fd2292c051b535a3a717327c220a3ca372fa79b9f3ff040add3aa5fc1f04b8a54acd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ef69a8adb1d98e89ac41223d32ce820

    SHA1

    1d71ad948b45e3dd6ff27141e5f8fb6c6aaf6fcf

    SHA256

    40222868f9ffe17d0afa1881e0dc532c58fd675acebbeb5f4a674067b0ba36cd

    SHA512

    8a0f6379532d9da8088dd3bc448d66dbcf7788f9438bc02b94d8c26f526d484795098704a80e65014c8ef30cef16d09079c30d86e71ac701fa6d1fdc74e9714b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cc0fcfedfa6873f1b62977978f4cc68

    SHA1

    1873249206c94da0bdc4d4952acc750be74d202b

    SHA256

    0601bf87352ae293e1ff6f66ed39d560cd58db4e3795b01a522b7c4f647d4923

    SHA512

    e3b483c4880088daab047c3d57f26b9b3f7c2b320edde4ff0f84722551c11c32291881894cb337a3a9cb285df090f66c9f7caebcdb6276ef0a252ea16cdb1786

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d79e0ec8912d71a79d5deffa2011d65

    SHA1

    5262009996cfe6021d606016940aaf72f676534d

    SHA256

    639765cb67eef4e74d21a24d6bf0b429ca13ee21ad53e49885a9726e1ba75cef

    SHA512

    94e8f9f296fcfc47b24a6790a9efed780c4ad6ce49677b3a4204608325b68b10b168885dbfb9006b272cd601edfbb46501109caadb3d7a36e244df1724191890

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a5a13dfd7b6944bc0d8c9f46467b1a1

    SHA1

    2ba301d524152ad2acfda7b8b317fe2a276615fb

    SHA256

    ccc8c872397ecd766b40431462a00b74f46e9091d868a4220a3ae1944c0faa96

    SHA512

    ac5226fc3e1743ffdb03754608fe56216dd6d92e073d5cc31450e4115dd49976d25daa83d955dce1ab89f324170e54a2f4539d09fb2751a0e782a815c9ec72b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8848350fc4e6c9eab070c420c2859fb9

    SHA1

    fc03506a16b938e770be338fc703822309aef669

    SHA256

    e9492bdd1b73948cc0a8189c90149b41b31d8899c9abc6ad272f221f229df27e

    SHA512

    c6d57dd9436ef2f32c9e731fda8eea4b14f6aad84019428e9dc99fe47fc75171b86f438730a672ee3171d60eb12fc957b599f83831c266ae9de0a411acbd004b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD912.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD984.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2108-12-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2108-6-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2108-10-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2108-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2628-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2628-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2628-2-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2628-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download