Overview

overview

10

Static

static

3

09ef38f286...81.exe

windows7-x64

10

09ef38f286...81.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 06:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09ef38f2866b193530abb657970bae440b878df2be0a1f00b420be2e467ed381.exe

  • Size

    1.8MB

  • MD5

    6835289782cfc66ef4745da4835ad441

  • SHA1

    f1db4cf4d3f1628b89bb406282abd2879685218b

  • SHA256

    09ef38f2866b193530abb657970bae440b878df2be0a1f00b420be2e467ed381

  • SHA512

    f77cc7933b759ee9e945dc6d5ee59527eb692eea90fdcfe0e22b18daae98d9ac43899ce51481407beba2a54e531530d9888abad5362cb14533199fbddd9b0251

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09ZOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1jxJIiW0MbQxA

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09ef38f2866b193530abb657970bae440b878df2be0a1f00b420be2e467ed381.exe
    "C:\Users\Admin\AppData\Local\Temp\09ef38f2866b193530abb657970bae440b878df2be0a1f00b420be2e467ed381.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:564
    • C:\Users\Admin\AppData\Local\Temp\09ef38f2866b193530abb657970bae440b878df2be0a1f00b420be2e467ed381.exe
      "C:\Users\Admin\AppData\Local\Temp\09ef38f2866b193530abb657970bae440b878df2be0a1f00b420be2e467ed381.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2472
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2204
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2200

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    560a01f47380570c4a8ae6ef5539c998

    SHA1

    a2e5d8425731312f7d02b0cd32e5acf73ff00353

    SHA256

    a2fc78a6a01caa0fc5ab275a22e87996499300c72e317e4155eb94c914fe9aae

    SHA512

    380458478133582e4eb06185f4a02ee8e59fa33c67b24172eaf802ae14046190394ebc5f01a66b3c1aa9da670601f68eb425fd93dc41d52f6bb87a8b182602e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f2d3dae4e4c1a26c26adbc77a5aec12

    SHA1

    83b5b6675d44fbc373e37e7bd3dcd7a565896793

    SHA256

    51c0c15e232d014e5cd8cfad0287f803509fe10695d491f71ed5bff9297e2903

    SHA512

    0e0fe356a1f3e6b85bb91fe783ec540fcca2f80582cb8ee539e04b67b1a09de0e48d53071550bbcb8365af5dd2b21634b6488235041ceef413fc645bb1036b04

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e39f9c5d8cdb1abe744057f7b8d4618b

    SHA1

    2d51c3def8919eeba4b1b3879bf386a194e8959a

    SHA256

    1c47ff2bab0546961b019bb8f57a9e9bd4ef5aea60f822dbb339af26d3cc21e6

    SHA512

    2882cf71e6e04f1e80a99704724256db64274353b09ff4c33eaca110dc059fa11c6da18bf2396aa401cd5d48c9473536f22ab8105e63cc5e0d3d1d83a3ff1126

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dcd92e258429765cd4d765d828fe3cdd

    SHA1

    19f52742c3b8ead7b993a220323b14dc2be68c5c

    SHA256

    5c4260395eefbbc9d7000bd5ed44f5c3760fb25ec07bd568fa1e149e93c543d5

    SHA512

    ce2c7bb7d0763229c8ef2bd24be5f832435461ebd519236ddf7dc68c1cb4552fa5db42892dfa994c5267f29297e3c98c1c37056d8caf41d4c4d8546fffddef2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8886a6d73e0284e5a8f4007761e1b408

    SHA1

    5ce72d58997a37d043f0a7cd672c1a77f5e11399

    SHA256

    b2cf887ed20a9287a468a8dedea2ef4c463a2f21907024a073668e04cf3d3583

    SHA512

    e40263978a82bc4dd6416932a2fd602e9e7e691a576781876d28590fca52dbeaf6b4d8db89a6a9e77cbe9c11444c49493d636e4dc0511bc3167a5919b00ea6db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f92a77ee9de0a8047fe329818d9ab19b

    SHA1

    114cfa7fe0b013d25d0adc8c67b04fe5727fe95a

    SHA256

    4771c180b9e9d469c01077940fed078126530249a430639c410896fc8eca7125

    SHA512

    743f80ccb68a5eaaeb865cae4190953bfdbf918e47310fd109a423fa4816a8ce512cfda4e031279ce014ec19c018580d89bedb175aca09f0f4380db120d5d6ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9580103895f75c8f0f6e9947c07c428

    SHA1

    0d37feff847a20528085badda63c1232617f11fc

    SHA256

    82dd48d727edc6d9e7beccd7709fc648868bc880aff514d1ef679fb5633e405a

    SHA512

    136fe8b6c1495cf0b22831729696d1563bda972a0fd7092dae267aa87f89f056fe7a9a704beab4022c06487d9e123c9f51208bfaf98a3772714fc87152c232a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6807214a8b0d6275c421451c9f677c57

    SHA1

    95b728a7e447b79c51ced6b83d1b2ab3ef0f73c9

    SHA256

    84584d1183bb2e618970f4738b39175ebee9c3b2cb3bed6595bc07a56efd4c62

    SHA512

    44c3328058bcf0250c82463a9d8e872612310a8fe334f58e1b80fb5a0701cf68106a338e366114684a5500558e9b04c296a4b478f17e0b9682e7bc2390244ad3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11bac8835c336a903dfcee0dd85fbb12

    SHA1

    e12d8286146d7a8f84688e5ea95587be580f7f5a

    SHA256

    09c3f606f7443c09be287adaa84cb361f12a044b6f8d7447fb398d1f0303bcb1

    SHA512

    5c53d48bc4c076436df18d131b19057c7ea5534d0f10371f741cd6616c9ed650b13ac77b253f580e82a1a848a8f41369d21650f4e9387a62f5da44f5857c038a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1bdafe435e39c8242fc8e4d0befcf52f

    SHA1

    360efeb6a9d22b2532ba6d831491d8a79d4b0d7a

    SHA256

    4d12300723d3f700866424754a17ecc07846d46bf5349b29ce5a2d394e32a6ac

    SHA512

    f1e07db8d86171f732401c4f2859b7575f9061bd20996d53e8d5625c6b745467efb0c05a6d6e173926a2ddc10843cc358114ce4d4f5b29be3ca83d4d5ba273db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df5ce95a084e2ec3f7938733fcb6b322

    SHA1

    d2106f1bde87ac0eae1a40acea1103186c39f249

    SHA256

    fef4ba69d95b54ea80e21a8710a0a83a978ab1e28312bc282c212af30d1f7b1d

    SHA512

    9119925f018eb4cee0a213dc5786f27c34fba34f4e5d4ed03ffdfb99a75e6c6c4d9692667ba4b83251036804e53dc0943d9afb271d0a5371a523808789111ebb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8dbbdb75d4f483c747b3e7548aed0e3d

    SHA1

    6c97efa5a0f9190b8213e2d3e65873f5bfd598d7

    SHA256

    f1ca97b5da7d898d33a7414d278db304a12669981686e5444d43230414b0e993

    SHA512

    e2ee2369aa62435eec84ea37558f3f2e8f9525b51d28680d4cd50bdd372d12aa33d368872e8b9d458e0c08f7d35c22e3d08a98f4a778af0eab739e070605cf68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be34a4dc61b7e78b6075637084f62b88

    SHA1

    2c2f63ff5fe81514d478cf92fdceac713840e328

    SHA256

    f1f42ff0c08d82577ead866065530d0b7eabc76640238afb483b403ec0fcdd37

    SHA512

    e6c48ec979d233199afa2d65fd74635e79dce2f32a8a4508640d007f2c17c2a84d490caf1309e7904d061fd3c911de4237211bd217f7b5a9a098dcd33a0ad019

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e0a8b91022e78af1c6ed5ea8eed140cf

    SHA1

    fabfa04fecd87b215ccdaed61b88b047a94e21e5

    SHA256

    056b8706a9987d9d51e9c66b05790b542d252db09cbee93d20d6ad42879e7116

    SHA512

    f8a543e4bb535e1e2629f8d0fce82db715f8a72deefa8b9dd831596afd5dbf4f7e8b551f1b574cc92406668b7ce50a0744fad643259c4e010ab0e11aa4fc6bf6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f968a552a6c2624f7b2112240e26ce0c

    SHA1

    f8d2821d059e1c23f10d200b61deef4f46fe0c44

    SHA256

    e865bf1b6067907c0da75ca736713cd947b17bc43e94cfcc09d042642a877832

    SHA512

    824e02e14c02f2b23c7460840ccdbe1b8bd43d94ebc319361823b4cb840f6359b03769f2fd7a661fd23f6a07beae7bdebd199f5e16a962097ac04b68ecfcf292

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36f37ff7c08a1479afd93c22629e5472

    SHA1

    dec72caacbc98153b6671ac08eca7eeb2f624e0c

    SHA256

    cf5709976e85999f3199b5f389f7676d3ee96c1ed5dfbac3d747765744f59b75

    SHA512

    bbff352826d3570c56883d0e9928196822cda102e0bb2e966f6629f68e1f4bc42db609ece4fed070289ed021a11693329cd1ea531b2768ba401ac5f83f38e3fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21f6a6a28b717fdd81a2701d93a24f8d

    SHA1

    383d02b6ac15799debc74e9f4ae549f23efc48f3

    SHA256

    4ca574d09a9c89acf5787c729c1bdd551bba5266015a25f56495e564f46cf9ed

    SHA512

    f5cab38dfb073a35b4a8a1563e25ce3e7c1108d66158bd681095d9eb290e7a72cee6bb77582070d3028d3f8a1ccb4480eb57b56d281ee89b583074552e058a75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7895eaa91d48b3b304003e89627495c8

    SHA1

    1e0f3cb9696ee9826954d40bf293bd0a42273da6

    SHA256

    e98bd00b575d146eacac5e5d26464fec92174f173c47f82eacb9005aac0f50c6

    SHA512

    a3640ff9306e490fe46272388ad56cc96399dda934dc426e05592a6d363d5e850d7a744f40c4c3310d172ace5e575d14a934bd75d64fdb10208f74056b03b696

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c954214ba31d8cfc6b4a516db0ed063

    SHA1

    1b93a1994a80e9f23941bb59c7ea8b6861e6dae8

    SHA256

    d8effccee3050268be779c9b51f7b45ce51e151dfabee43ca9928c6e80619ff1

    SHA512

    794ffb0e1da3c548360f7007414ce7975c87053e319dfce8aea07c23a4dd6c072cc13f38e738fe48c19a54a3cdc0dae0ba5ea4fbcf9ec4954af36b9ab5226a01

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC6DB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC799.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/564-2-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/564-0-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/564-1-0x0000000000630000-0x0000000000631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/564-3-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2472-5-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2472-8-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2472-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2472-10-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2472-12-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download