Overview

overview

10

Static

static

3

09ef38f286...81.exe

windows7-x64

10

09ef38f286...81.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 06:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09ef38f2866b193530abb657970bae440b878df2be0a1f00b420be2e467ed381.exe

  • Size

    1.8MB

  • MD5

    6835289782cfc66ef4745da4835ad441

  • SHA1

    f1db4cf4d3f1628b89bb406282abd2879685218b

  • SHA256

    09ef38f2866b193530abb657970bae440b878df2be0a1f00b420be2e467ed381

  • SHA512

    f77cc7933b759ee9e945dc6d5ee59527eb692eea90fdcfe0e22b18daae98d9ac43899ce51481407beba2a54e531530d9888abad5362cb14533199fbddd9b0251

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09ZOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1jxJIiW0MbQxA

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09ef38f2866b193530abb657970bae440b878df2be0a1f00b420be2e467ed381.exe
    "C:\Users\Admin\AppData\Local\Temp\09ef38f2866b193530abb657970bae440b878df2be0a1f00b420be2e467ed381.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Users\Admin\AppData\Local\Temp\09ef38f2866b193530abb657970bae440b878df2be0a1f00b420be2e467ed381.exe
      "C:\Users\Admin\AppData\Local\Temp\09ef38f2866b193530abb657970bae440b878df2be0a1f00b420be2e467ed381.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2948
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45be855d6955804b4660efde8d0b6fe3

    SHA1

    6f70f003614e3a9fd3f300acbd811f1530c52b52

    SHA256

    e5715f5c1ade42debcd771858f43ffaba22cc9615a2571eb651500739dbfb3c5

    SHA512

    8031f1d2f68e6327aa75ed4b7753ea82f26560b0702acaaad158aba177cc8fcbcfb7b60f40ea78eda67a953663cfb2343989578cccd8a36b96f40c0c09ac7e47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    deea9bd0537f69342e6042f19eee765b

    SHA1

    e45d003349c125e651fb33b03741bbee4e9ced6c

    SHA256

    b9f087f5124277182c884124cc162a61bc2df0d67c6002b6b6ed6008f4a4a897

    SHA512

    ca4fd7d2e065f940bded22faf4657719e19c13173c938e0168103fe061667f4ea51595ea70c17c211de578cc6b4401170540debc7c21a57610a287b820814af1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    efe551337b7f3420131e49d3ad700526

    SHA1

    21c04a0f1be5df84fcc8af8de164567f06718a03

    SHA256

    58f9c7e5376190bc2775184e7660019a28665240a09de74c45bee1ef49fca9aa

    SHA512

    abcb2d4ab014b0fbea4318ddc162a953a56f1c1c0d21cff2e59402230062dddadc84ef5fe9b2e169ad00dad58467abe6fcdad996286d175f22010a6923887f4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    533d2c355d694e403a8c0860e97c2351

    SHA1

    7f943288f7c577be0b5f95a6b2c4bf82924fe98f

    SHA256

    2f28d031e246b658ade1ed6bbc8c87159ff63a023333ce8f98b760ac33d4f023

    SHA512

    e1f8b1d5e8c36017b27419692d80d07876395a7c5dd5032a6224befdae186266cf267fa759f4c9662cdf59f19a6c48a88838cf14a428801cf0bb642a453d0723

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1eb63c05af5f06c3a5527459eacf2b25

    SHA1

    3493f5526b87c7c6e5237cd52f4c6df121043f93

    SHA256

    d9e43fe1462381a99dbfc27c56a5d6a29c579f38549808547ade518758e3205d

    SHA512

    34d2ec5d7987f9b367702be0c6b03e9488c5f73a3578c4054ad4e32522d320ffca500478f5521c36ff8afbfa136750b2beae22ad5a61fe7685a4c23bdb7b801a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ee71715479df85790358b3e9c565024

    SHA1

    4ec13b89e0afb03b943ebf687cbf0bc5dc37abd5

    SHA256

    29fe42c854d8fe3a0013fbb7e74d7b501efdacb1e0f2f70050d9ebee1d8bd9c8

    SHA512

    eebf82ba3cd459284d66b5ff7ae5d62b900f823182beb2ca55105b2baf52fcd6d41a8f979ae4069c0e098933708b21c9e682854c902d1ebbab85c498706b117f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c66fbf6b02703255656042bfce7c654

    SHA1

    85507c8779a558b93971330275525b9bc1608c10

    SHA256

    86d58e0942edb53d1ee30fe09a141534785b4385f85920cc8808084bca466f8c

    SHA512

    de551a4442c5779d12e8ba9349456d9f28b2a90f36eaf8271ef9d0ee1225fe45f46f609ede39d6cf765003eba6a749c1d76d7219d4911b880c69217fd7a5fe19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43a675298ba0f032804e00f30f5d66d2

    SHA1

    ee9745b2fd97b40535cb592e217ee44fca134c12

    SHA256

    921f15f5c55f6bce2b58b0e204e1c578d42d4e2d95604d5b621dae37fcee2d61

    SHA512

    78679ecedc64d050aa991383739b4b626284cc6805772d3a6a3d618bfe8866e717f4434647b0c849145dcae48461b565c68cd322c15145285d9d4d0eb37018ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4076d812f3670b579f0abaaa032570ed

    SHA1

    a34ae44a4678b1256d2a0c6ab1b3aab988467812

    SHA256

    574293e70b1337dee224cef7494433ba69d82e7e5babee3c9b3d8cee9058c1da

    SHA512

    4b5a4b96a750c40b4b1ec7aba3411d1cbd2e87887e041e012eb3f41e58150aa6494083494b8a6e7bb8d72f294631d2aed5ac77cf9600c1632a3298675d45faec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba729c96ad3f4f00433dc1a5a035e50f

    SHA1

    cd0160e6b896de029c00cf08db8f9255115ae5c7

    SHA256

    38c121d1c3c534fb8ea648992af6637478d4d2b6ebe148b11f8fd7138617f153

    SHA512

    58700b02c0577178d9ddfdd85ef836c6a233d14471c4585100156b5f3582c62c339cc7c4c2fc3992463c0a524a419baed8fd3f90cf063d80f773ceefb3efaa6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff83e14eb739faf91cbd633fc979f2a3

    SHA1

    b41f977eadf1b5156420e3bb37a1a86df16872d3

    SHA256

    55920aa4b81bbab144f8df3920bc129102a2ca232ffd7c8adedf6689583c03bd

    SHA512

    84178ab8ceec4c2f323d5daa3af14bcfb9f6670546062cb4e58d42cecdcdeab697b17e3803f42c627764f32413adb3fa3cd2435f142dc7071458e71c6ba791b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4aaf62194ba79823e13ad7c2d58eb442

    SHA1

    c465d640059746a5a74f2cdd1324d63bb9add206

    SHA256

    37dab47cb4325a37024897cc97531363baa541088a43c6ec4afb9596a211bc5d

    SHA512

    2c338ac776d3ba4ada547bef6ab691dd1d8d08d53de45fafae2febbfdcf548b423f0143d2c2d109c762f8243cd52c0f2e6578b785f0df351b5c5b4db54a7c2a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b88a51b3a381aa8424237d16b9a2d85b

    SHA1

    5433e79a9af9308235740d23f75632a33b39e2ae

    SHA256

    5f0a937fe85f7ddd2da8024ef7befcd7a1453bcff7de74a2915c4b5bf9bf358c

    SHA512

    d7a9889ffea4f8cdc5f5a1f1daddf898ba07cb83694a53713160e7f736c5262af7b9cbf1721f03f07e820564444641c2089c76b117cbff31d6a1db0d8ba5ea7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b0743a2a20da4e6a72a9bdc74d64701

    SHA1

    c1142c183d35b28966c404551ec99eea5b15999c

    SHA256

    cddbdac321b66ccaf184d0b70f2c3fdb94337df78d0a8460d96ae34b9c80d56b

    SHA512

    10fb7dd31fd07f4e44b6bb1431d51121cec26c1112f21ab6b2c30909d12485d7dd130b9598fb25a8e31896fb972c4f45f2193afe26c3eb88620f2fd797a99c5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a9f592f935dfe6c3c132af0911d8ae7

    SHA1

    e6673d5f212b76d92ec4ef20ab4d2dea815a36a7

    SHA256

    94bf48f3187e3d97e67e3269796bd6e614dd09d437765ba90960e4bc578985e8

    SHA512

    b59cb9477e29d4815bfca9abc16c9224e45d8f00bc19788c30cc237cdc303ef933afb2bf41dcf7700c7909d7ba368ba74d6b453a8d496912b4ae584fdb6c13fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e9a09c0e279f65ac83ad87d0cfdc270

    SHA1

    558f37b4d239ab4d2f47b3eb36a71c72651b3792

    SHA256

    9ea24738a862768fdcd4123fbe0a5fc6a4179fbad4bd22d8b3401cb2a90e5d90

    SHA512

    9a2cf6fe48ad75ea16feae13f97643be8b0a1659dd3f036506809f4f722e468458b944b59f0b52ab332f0f0b35cb286e33dd50a4f3b51a262c4d80f81bc5bb67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12716551552fc9988704ef4aeed7f037

    SHA1

    6778429498d7b8182a1e617e7aff0f83664c7e3c

    SHA256

    e4467104d6bec487bae72cd4ad1a9311a9b08f61d0bd700e75c8a9206fea83f0

    SHA512

    a95da68851907f5df6334c09edd292a0f447a36a57b41d96ae476937a21d8f7e133aa01f4ea0915ec1e02f872508451d1e54a53e1b0773f329bae113b46fea7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    338d31c1a53b48252371bb46a46a428e

    SHA1

    5775d8195ae3ecaf06ff22e657de118233fe4045

    SHA256

    85ce666eb5c627dc23b0f0116e738ed0f2b5ca76cb41371b2e152c12b1a58103

    SHA512

    6cf66a2046a08a87119b76be6402c69df761321a78ff404c8a44ea3f4ef61ce572917f4a583ba2bf0bf90171952f1bea837891f8f49345b9454a761d7334d7c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79170751707b66c21971ccb3aae57df1

    SHA1

    975ad5839ef6a422a3a5b5eb0edad56debeb3d8a

    SHA256

    426e7a2d4331ecb935e20d9a1b3eb40bd16cd87ec84587f9d5a51b93f9559356

    SHA512

    ac3247e88034c1131164d161e54a17bda265cec603a8eda776631a7953c8c9aa62c343049a2585e7dc9af701d7b0bbc2fca952dda4b2532e7fe7233515627ecb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB2AF.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB37D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2072-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2072-6-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2072-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2348-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-2-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2348-3-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download