Overview

overview

10

Static

static

3

f261688878...37.exe

windows7-x64

10

f261688878...37.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17-12-2024 23:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f261688878af9eeddd4f026dfeb2782d7750882644dfc5980c2fcadecb644737.exe

  • Size

    1.8MB

  • MD5

    267e3e817a81e0e1a9c7d789ca1a5e81

  • SHA1

    6917d5f1a91b4879193625596aa354d17c5775db

  • SHA256

    f261688878af9eeddd4f026dfeb2782d7750882644dfc5980c2fcadecb644737

  • SHA512

    5572d53abc3585133bcef270f22d1e1eb73a33577bcb402049d58f5a17a00a9ddab35eecd89f164b4f3de9a89ea7c2509fd78e4b405162355103c72dc259d1af

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO092OGi9JoBqgvppOir7kw8atSw6ZwaIi0HjwC/hR:/3d5ZQ1KxJ/QUiUUt96Z0D

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f261688878af9eeddd4f026dfeb2782d7750882644dfc5980c2fcadecb644737.exe
    "C:\Users\Admin\AppData\Local\Temp\f261688878af9eeddd4f026dfeb2782d7750882644dfc5980c2fcadecb644737.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Users\Admin\AppData\Local\Temp\f261688878af9eeddd4f026dfeb2782d7750882644dfc5980c2fcadecb644737.exe
      "C:\Users\Admin\AppData\Local\Temp\f261688878af9eeddd4f026dfeb2782d7750882644dfc5980c2fcadecb644737.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2228
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2692
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24c25140bb969c25a7762e9954bde890

    SHA1

    d68b32629a99551f952097ccd31638fcb46a106d

    SHA256

    8a98e96b7a7109878aa365b2585a5a72ff222fd7877ebc21209dcb52f0e2dc5a

    SHA512

    f4fe592779584fff82d569c04406e67d1d5c7f6b55f47a0ba12038116e0db7c4e62680152fddb20b2ec9fa20255ae6ea12071b996b41dc7a855f13111f0e8df4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    631436ce85243ad204771700f0e31d20

    SHA1

    6530682421406f7476f9bd1a54e1119f9936eae6

    SHA256

    d4944e6bccc5da7b85385e5d68770a318f6800372ef374b7de1f721993426004

    SHA512

    2c964f25575e4c4194c2d274d65d7681730a4d240de0a8f35e6d34aa3ac94a12ed2dbc0f4739cebac7fd8d277fe3acbf0251e52b83f310114e2acac23ba29982

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e4d06b6a44be339716e5311e9cae160

    SHA1

    b28c964588102fd3b259359b4ac16b0e717736d6

    SHA256

    0947b059406f87e96b52ae618c3cac3011ce31cd5d742ccf873a0625e655864d

    SHA512

    6ffedb9a44ac3523ad92138161c09655c1ed7d423078e5f1a128cedaf1cf5b9ef2e699141a5d461d771f091e121bd0c40b8993f5af72aace4e0bb632cd09d5d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2ffdc406d9d4149701c0758d5f031ed

    SHA1

    6afe2385d8cc2d5dbc620efd2efc0837097f3591

    SHA256

    f8826d12a60657089a4cf0ba2382dfba5a4450d50f0ae47cf5a8e76f45155e27

    SHA512

    0b3befada725c28f64811784a021d2d1c793423a9a65f419a654f6c8fe8007a4ce3f1adb5ea9a7aba0477c4806d6ba14469c7015636530dbfc31938581822348

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5108c42419212b16e68ab9750b0e9109

    SHA1

    e8669b31de813bc336d028fb240376b5cd4d34db

    SHA256

    146452947802e308fa6282642318666f21ef9341aea93b178f1b5f4ad581d45d

    SHA512

    fb226ec2f06a556668c46cd5d15658f62d044eb1ef4be32d7f4c81bb0844929c7653c9a7e29cd718d9160a78cfc4509432e7014383a3cb6d79b6e32735657d80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acc8edbc7778522e6677a5890f438db6

    SHA1

    819d81d9d66a14d7200466be3d489565f6262e53

    SHA256

    99d3790bc61313479d14a7626d2c24c1d11f75f0c9f0f6a61a3e0b2477f2aa1e

    SHA512

    741f42d25c6ee2b92aa81b95b4811996d7ca57d64e9456fc8bda78650b6c641a37b64e056b5a5752c6aea8e8c80cac77aa1bcdf7b71a728f220ea0054b809e6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31a3990a8d6e8a7b5b53fa353461cd95

    SHA1

    584c26d4d1cf6c08b7c3d10847beb04fbddca1cb

    SHA256

    7334cdc4f5d6ec5c13383a910ca1ceee92059e60f83dd8d7489b143899922a03

    SHA512

    a24a051f1da910e949e9b36359137b8c057df2da63bc1310914e3c4a163094adb81ee8a0d0f42b694b4be5566db07bc96cca557e38b8b370393e82c70b7f27e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f30bb249933f0a7f0676f1631309b41b

    SHA1

    2e7bf6c7a91bb0d2c2b2485384faa79154074eaa

    SHA256

    e0f45ed533fbd49b2111494470d72c158eb32b8170148f37d05a589154d9d6e6

    SHA512

    da0cccd38350e01b492c28670eadfd9c45ec927b3d07e4b6b915c106b21146be6f5d86b943795451d1a3ce8dc99b9f7aab3db0140a1995ee2581adb35a28825f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d39c2733f8eb326674e96c214393e265

    SHA1

    f6357e7ca907d58a32410590b11afa29ffcf4432

    SHA256

    ba303cbe8128145cf8393a3845c4917de6ac069671260cca3fbb4af3a5f66e55

    SHA512

    bcb9e4278839577caa9ca425793836282851b84ffee173183cc3d55ad40e6c7b04b53ca270211caf41145731c8b6b4dfcda5ee84c3725870c399b4067dfe4c54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b05f3377349e3fb36c60053b528e1c4

    SHA1

    b0c8e46cf810bbe389530a5ef59a050d2900cf3f

    SHA256

    b5778b967cf030af9db7aa3d717d94903ed2422d718168010082c9d3fd092abb

    SHA512

    c7565a1e348a130e71cad22a9ce2d017e83096b4ae18f3af1535223cd952fcf27344e6c20bbe96c2323c67a88b1780c59fa125029395a057e74641e3817e3ef7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c66f20627a3aae1aef7adc39e0dd47a

    SHA1

    f1b0f595419ab3c82555a7a01ad907828135eb25

    SHA256

    56a66e9f4814babc2c8f44b0bedcd87e9c1428d6705968f611ff08724d2a4df0

    SHA512

    f359027100c07610407f1d5f139a03d08c8a842fcde27cba4bd9c372cea759446e25acc894c9c01aec3a41eb10be8881447509b0a33e04e25197de7a3082e277

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e4999316311052d9f22c0ac6de35b39

    SHA1

    9d5f064e3b3730c189423ead0259cfb003743a77

    SHA256

    b77c9efa00ba433c787d5ae534b2a86ff6b1f2c83e62b910a5031914969441b3

    SHA512

    9a8554b2d8ff9ec877ea9a23a538ee1e04ebfc3e239e44c39a72d74abd9e3c3e22b0f80a0afd81b3c2996be9143383ab655a40a1439905e409ff7451235c5d36

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9CFE.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9DBC.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2228-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2228-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2228-6-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3020-2-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download