Overview

overview

10

Static

static

3

2b2edc79de...03.exe

windows7-x64

10

2b2edc79de...03.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17-12-2024 23:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2b2edc79dee482918f7eaebf21726abc726d978e367f557a70c5dbba9eabcd03.exe

  • Size

    1.8MB

  • MD5

    89a9548746dc60eee7e565ba68a81ced

  • SHA1

    4a6da9d97507d6124c577f423f0e3a3f9b7d8c8c

  • SHA256

    2b2edc79dee482918f7eaebf21726abc726d978e367f557a70c5dbba9eabcd03

  • SHA512

    e7f58159512aeebc30779de178d0a8e13a7fd3d6d0e2348f60f030ce3ef7e05f228b60a916e055fc9783d0dc7728fbf49300441f13a27f81da608b8765942df0

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09eOGi9JbBodjwC/hR:/3d5ZQ1exJ+

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b2edc79dee482918f7eaebf21726abc726d978e367f557a70c5dbba9eabcd03.exe
    "C:\Users\Admin\AppData\Local\Temp\2b2edc79dee482918f7eaebf21726abc726d978e367f557a70c5dbba9eabcd03.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Users\Admin\AppData\Local\Temp\2b2edc79dee482918f7eaebf21726abc726d978e367f557a70c5dbba9eabcd03.exe
      "C:\Users\Admin\AppData\Local\Temp\2b2edc79dee482918f7eaebf21726abc726d978e367f557a70c5dbba9eabcd03.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2960
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2716
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    428e6ed1294c1551608d97291b4a148d

    SHA1

    c75b0ba769bdc2be0eaa128343474e66b31ddc38

    SHA256

    e300d593d69fc508924913e251f974a8bd4b6da302b10717c71da96aede57311

    SHA512

    e25e4c01c684fb41c6c922ef7b7b9b8623e0bdf0dc9a9603cb8ce0aa4a9bfb702b0fd7caf461adfec7e7a730e88b67b1af09342c4c5f572d066f849f752aa9b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43cc702d522eeda899958f2787ac8a53

    SHA1

    32d9227bbb308278942866335f6cc3dbf803ba9a

    SHA256

    b04f315cca93c1ba4cc6c69f0ab5f46546fd48b753d6d9ec4272603c86e3d6c4

    SHA512

    b6f7fdef6211b3a2f156d7d88c5ac8a7a6624ad78bd2d589335c83ddf3f15e27a8d8b3c3f0f33d2045e3db94ccf104fc6f9e40c2b6b113e5089a4093e584ae70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d84070630b9a0f2942fc5e12b2e6b77a

    SHA1

    c608f3cd8714028e8ea2714029392e6cffa3b44d

    SHA256

    3d99413b0f7a70db25e37369955ab854126ed713b4685ec668dc4b677fbcd174

    SHA512

    d688c1f1e97572a3a30ba46d5df8a0c71b0fb0655db0d6a5124520b79291682add55d5fc5ca5850f9dc3e83f2412814188566917a16148e932f6419fb29fe857

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    858a79370532d353c273a78f6cbeab3a

    SHA1

    4204a0c3d0d891a6319e04e73469994ab9d5b17e

    SHA256

    738dda392757b8173163864cf9919d6b97e7678a415cd3898f99ea3fe4654ddb

    SHA512

    fab4e317b47a1e3167867c6b2841e5c52cd687cfdc4c39ceeebf257117220663ab0a9ca0ad84acce8af6d6b24963531a70c46a2f51f18f16210843f56fd171ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b7d1282e273f0a1425aa5130e15979e

    SHA1

    c08159b4c33ea34c154e7fc23e77d0475ad19d08

    SHA256

    ca1e8d22c89b2083b6d15dc15b8332457bf8568d987fa0c27ea00aa27b5a8285

    SHA512

    9aa13c2886448597a5e3ac31be0e6841d6a68c9ea4010c13ac3bf421587881a8df6c19d2778455bc50d78f2c5474b799c1cf4a5979c0b4ba7ff7bf597d55b630

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da40defc70394c67b432fa0f23d21390

    SHA1

    dd1295ac813a5a663ac771a4f1d25bdedb693f8a

    SHA256

    a0f50b985e046e45b5106fe9de4be143380116bbf4e755b49d3a6a19a38c57b0

    SHA512

    96e6b92972f333d2cdc9b6dfc39dec577257d6e96217565bf7c3b2e284ccfc6886d61e42da0a3addceaf2260d520504555dce2876fcbbedda442daa1c0608ec9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f12725c39990eac5dfe1df4764c9a86

    SHA1

    54d92da40ba32f0ff614f828802c75b4ceb9657a

    SHA256

    56e1460dfb727956c0d5f4af446d9355d3518fa95b40c2a582cdc0f9b65b1f85

    SHA512

    5ef4fb2c06cb2e6c0eb3165c15c3b77523f5316578a7d70fb1aef10e6162f961bb3d2911b4461d5f3cc2780f4ca512b6830eea16c71cac41778fd8124ec93d4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7743684ef0dadcc32ea709d724ffd754

    SHA1

    d9f21fe46813935273f1bcf7fac27adaef31bd78

    SHA256

    46dc70fd8f20991f2393e6f7f12ed287ede7ff735f73883957327cbaf4f440e2

    SHA512

    4b72a9605d61a2cd7424295ef41474643b7bc63e1cb78d571f74e71f0ed548bfa614f038a004163fefd2b8a9a50ee5895ef1c2eed4ac3e2a0aab6f8baf896d41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f61665087d0dd8734450df2916b7ae12

    SHA1

    0344b50d23f10fbacb86eb292b33a9f26522c33e

    SHA256

    37cdd917ebe061f7121386468329e1fee5a2093f97133a025197f7d40ffd2410

    SHA512

    d219930b28f3f5bb711c149cf060ba0cc057495c00fee8d779486d75a0c0d202be13dcba4757de3160d849abfd359fd62501cd4f261ed4b73785a45b77861748

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    988e12eb0271911e8a780dcda41c367e

    SHA1

    c66e45c475a3df092ff10ff9fe50a682256f114b

    SHA256

    089fc7c624772762a08b3634b46c0890d48a7aad4b02266cd1c7c2061f6e5311

    SHA512

    ae53c33fb623156dcd1b118efd45747f42c0707ff5b5220c35bdacdcad7e845c95cb220c1c2ec7ebf1b0a48cb946648b366733022b3040120dca1199720885e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7c8d68fcd5c43eeb8cff5a395f781ab

    SHA1

    88f5a6c605673d81fa505c9acb67af77580c36a1

    SHA256

    5b42c1173e88b95af88054c23f58b8bb5ea1aee51b09a632561bed223921703a

    SHA512

    1375a7c7ea195c854d65ab085b3b8cf4df8fe67a09985861530e5bfe8149833e2d62e3fb2b707f5ad2635b4fe4fc6d42fb186d159f3551258e1ded1411016d93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c968c1451834930de04918b6d542546d

    SHA1

    0b3104ec2c9bf4348c2580a19fd0875b9af0d081

    SHA256

    ddd5b958550ff135d4502f576b761f2e10d8af42d0fc52c3d1bf833b36a9f5f3

    SHA512

    11e70d8a0aee2cc58cc79c759bc781e946cf4b1c2c680a13d804d7fec61fa939886b90638034e60b6126747f296435b1d09b98d6f5fd97c064f25b505053186b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5abb4562d2ecd4470c5787a548d742c

    SHA1

    29ed875c6edfacdef1c2de41ffc69f91075c15f7

    SHA256

    f503aafde4e91f908ac60a48ff4cff56fb3a942662a695aece45771d46f7237b

    SHA512

    9f65cffbc4d43870fbdb60375436a15970c7ae8f3d830383cc7609f62f63238f70a546aaa8df2ff68971de64e958537c63eaf8133a91525eab7b0b8fe1a41bce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be582532d5a7457e6b247c8b37493b6e

    SHA1

    843ec7a21d16008222d87f21aae7f769f8226eb9

    SHA256

    aea56be486e67ef5714682676fa11d973d2795e1e4a92bef981fe4a1c1e8bd2b

    SHA512

    41ece4d31b27096ec5d3c3607d98a849d946b40b4043f8f31a6d98f297db4ed083e6febea501e72abe3973e312f88a010019cb07929ba8e3ba5913c2cf8442c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee048cecf8a9ae1ea953f6252ff80f03

    SHA1

    82568cc42cb8f47ceb5939269f5b4e0bc5407859

    SHA256

    efb4150eb760a722bb5ebc1be8f967ea6bc3545fd541623bb15c398348af6ecf

    SHA512

    86180a04054401f56f0d52391044104a8fd6c095286c0e519842eeb2bf88385d9241c0307e3e16332bdc7e413830f59d6301e552dc32302611bdaf242eec072d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9bd83f6a4b10f9c82dca02339c431c82

    SHA1

    125c3012f7d896e6af65a1122cb9d1f7c099649e

    SHA256

    864408de390a7bd5318b6029d9b5f710500dc22975c1c9fda2a9d61bfb637096

    SHA512

    85b00db09e832b6063982d053a3c3d10bec8d5c0350d57f442002ffb445cd03ba29c745e844dc9893fb95d0e2873eb6da79056f4be465bbfbc2b9f6db0226c76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e24029b7a93c635b4f5bb165b6a3551

    SHA1

    795ca8aeffccff34e5e5b2664dc2d2af2c562974

    SHA256

    8a87e376d4e8f14ac3add7b6dee6110099f3cda76eff7976f3eb9e33d8baac28

    SHA512

    e38142a7c570754c781306da1b50219faf9ca51332d8f0da058ee715093d822f7b7e055712ada2363315066779d2a540f73aa31be754d3f9fa353106bac7f721

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f4b0f951f92e59124ac9671d1584af5

    SHA1

    7e3e70cba04837f614f5e1e964050d2534e21c26

    SHA256

    16c48d07e8540673ff487de08d405f1ea313f6c07c652a9e26082097ba27ab50

    SHA512

    7d1fc983e6aebce2c935c9ad72c4eaae3797788ebda9dd9d954904b1c2cb9524a496fa4bf091b25e5953c591306504ef205669c7ed5b6a2741d76fb75937cac5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bcc861d151bac22fdb013b575dddc20

    SHA1

    87051ef556d6272744e116eada5cc68bbe12fa4b

    SHA256

    5af3c1c37d4ef5330d569d001580f9da0834fe48f9a49bc0c1e852f4af650aa3

    SHA512

    282315ccd59c8d857251d387e5021b7689e20db8aea2bcabc203c2693fda9cc09bb2a3f8d59a4b19b18caec812d7eff37786d20ae444fc5943df75405cb73e8b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab90ED.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar919B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2092-3-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-2-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2960-6-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2960-10-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2960-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2960-12-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download