Overview

overview

10

Static

static

3

f261688878...37.exe

windows7-x64

10

f261688878...37.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    17-12-2024 23:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f261688878af9eeddd4f026dfeb2782d7750882644dfc5980c2fcadecb644737.exe

  • Size

    1.8MB

  • MD5

    267e3e817a81e0e1a9c7d789ca1a5e81

  • SHA1

    6917d5f1a91b4879193625596aa354d17c5775db

  • SHA256

    f261688878af9eeddd4f026dfeb2782d7750882644dfc5980c2fcadecb644737

  • SHA512

    5572d53abc3585133bcef270f22d1e1eb73a33577bcb402049d58f5a17a00a9ddab35eecd89f164b4f3de9a89ea7c2509fd78e4b405162355103c72dc259d1af

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO092OGi9JoBqgvppOir7kw8atSw6ZwaIi0HjwC/hR:/3d5ZQ1KxJ/QUiUUt96Z0D

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f261688878af9eeddd4f026dfeb2782d7750882644dfc5980c2fcadecb644737.exe
    "C:\Users\Admin\AppData\Local\Temp\f261688878af9eeddd4f026dfeb2782d7750882644dfc5980c2fcadecb644737.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Users\Admin\AppData\Local\Temp\f261688878af9eeddd4f026dfeb2782d7750882644dfc5980c2fcadecb644737.exe
      "C:\Users\Admin\AppData\Local\Temp\f261688878af9eeddd4f026dfeb2782d7750882644dfc5980c2fcadecb644737.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2420
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2700
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    466a1b1f88a7dc23ca2183b86ce17af0

    SHA1

    8d330208d85c50113bd3e6d422e1ca1c5e20ccda

    SHA256

    96df8a7da13eaac4386014c6c51f0120b1c56248a5b61e73d00183ddd24c3822

    SHA512

    43d27412ff0fb0524ce5c357928bee56942d731224afbfb79991b5ef74c11d9c32532c15fcfab36fa65c130fa6d19a09d113f4de432ce32550cbb151ce6a4a13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11978c6ad1606c1a288d6f912e62a308

    SHA1

    7c19c9173259035cb72c6a4edf76200f1b398a54

    SHA256

    3602a8142d0f8f0139cb2c73169047d510c21111504193cec887ee69d5b7f622

    SHA512

    4215bec1e925c3bdca65c008dbb5389f855eb05af0c1ddaa9a0360d8a176d0745f8f2590e56c53cbeb2d61daf9948568a76b4d84d39ffb49eaab6438a65ab255

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a7899af2905099a735805fd17d1a38f

    SHA1

    3b8d36b99ee84638beaa0718db804268ba20bca4

    SHA256

    52a6c0199f879f6aa25c31da72f615028124bc7a79fe9d743cca4640a134fb8e

    SHA512

    6f5ed57e6fd5152b4894a289797665558fd73920a26621c7c0e48248e455af692fa1887bcbb931640a0ce1b025e9922e7a00fc79e27a390754117b41385cf6e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    224fe5ae4c7441865e9f74dc950119ea

    SHA1

    dd0a8fe2767c630cedb739e9530d299aa77fb2a6

    SHA256

    83daeb6d1d7e1940631d92f81f47ec783be562babaf9f83957b7728c907f4206

    SHA512

    1f8299f949e793dc506c977a3476149300074f535ec1c890b6c324b2edf6cdcc4b1ed34a90d7d1c8b8b20f2da9c74010fcd5f78a1259b135bea17ebda0d795f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d265feb628abc6a5010c42c0b7785190

    SHA1

    8c7c916d29314a3663ffed9d96c85b380b92728c

    SHA256

    ad5d9a2d2d01d77d6cc80fbd6f8840edc7b1f0673da0b6cd1b1ac53edfe2e6a8

    SHA512

    a30dc5df8ab898cb64970c209695178c7b4981b0605c3508d799a3d009d66ff00af9d24aa889a9737773a6407893d6f49d49d66584521b67bc741d707820540c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c705cb4133f841d4359c88ed3b48cd9

    SHA1

    25b1d1faac18451939718b6b3b8e1ded588b9290

    SHA256

    d35ed54a9240e04eae92dcd82e2d8dc5b151ad52e15dfcc420690b4266cf7e16

    SHA512

    366f73cb4d3a0aae3eae487f297e6aebc9e45f0a791f9f7586a7ec83440c8161b152df2ff4150b61f17ff7a114800df66024d2c063de9b4adbc62d1db22148b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e89ab4bbafb10312888767399e5f4525

    SHA1

    24667f37ee393a42b6a8eaaa01543ca4ea041f54

    SHA256

    efbb6885a19b4fa2841830fa67dcccf8784976f27708ef9747d7958fcb2a1dd1

    SHA512

    68b28c7433be2bf365cccc455f3fa27b556725b10915c2227f4339977b1055cdd3942450ab5ae2119a69007f386145ea58679616f30e0d9024e2eaeaba29fa33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64b8caa785a972c915913e2375264f13

    SHA1

    cc0d1fa80cd3bbaa1a41e004ee300de01e87aa8b

    SHA256

    65584c2e0e247b5e1b41f40f3ca3cf13ac8bb0a053eb14133d65187cde6cf1bf

    SHA512

    8323a0a57aa46a945fa3bbb5c6dc97b5fc1f916ea7e124eaa8cbd7e712916b589b9a701584007c223e83ac64ba6930cbe1c954bb7d109d6f0f79e8f600cb2845

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9aa435198faf807fd8355b17f0a3bc51

    SHA1

    1ea075d9e112a5b6752b340a8fb432ab1d963101

    SHA256

    2646c7d66519d1541b0400f258ff248b1a93c2b0933576d86dea5928ef232cf8

    SHA512

    493b309c320a434f291a73fe7cda123ef51bf26b27fc2d7f384092217343c399fdc00bddf8df1da3bf3a37e53e4fce49f63fd7b412d5535309ed1f1af2a05a65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e36cc471db69e440ebe878bc7712666a

    SHA1

    c9f389e69ad5a4ceaa5b8d9879a713e7fe2413ae

    SHA256

    c6fd6c1433b899efe04dfec47856349a3c4bf8a509c6e6cb1e45a58d2fdf7293

    SHA512

    089fefe7fd6aa25173b04889495206b2ab004b38d432df2363e9c390304cfb4ace8bfad01d28e9fc71645d16e8affb07c7f2caaba6942045d2cb1be6cd6c049a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11b35443e6bf55287a97838252aeb837

    SHA1

    40085eb19ed3722464473628bdfe81197f46b4dd

    SHA256

    b8666f54dee4796707d65bf4003a144810a56107abac48dad8b801139f1baf29

    SHA512

    cdd4bb38055853c4e7e8a8dedf0668ade2f21e153261201932c38a647fa4a5da7e80d4d7c3052fdfa33fd2932d43d70274776456db4f4a062214aab17c6778cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27aa986389a0f8cba69df1f9fbbf793b

    SHA1

    f998d772b5a0c3ecf663c8d6fa6b77040eb9664c

    SHA256

    e90032e6f240e4af7de202eb279891b1e920a53e977aacdc8ba9ac52e76c1769

    SHA512

    f740a2969e756edd413b06d7af05f189821819e82422633e9555dccfce64a3736dedf6f044138ca4f4b17ba85f864abb77fb340dbf148b61cb4d4b178d38b123

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a292878aeeac895c45821fe894a80c46

    SHA1

    032e5352b10062b6ed651982c3ded73ac36278a1

    SHA256

    49b52e0b6efc4f64bb9dc6de28f975f70cf6773769b1fa0b2a08ccd2ed90c537

    SHA512

    a7704ca27985cb5fb68035c109b9d25a6540cb9a849b0c476e541fc3df52024bffeb3f859e97b29b4bed9d4e6e3f491aabaf182fb579c18c283b02865072ca88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8877f709c91f77d28c367dd04d6d75f9

    SHA1

    3e15adae9aa5b046021d5e0fbcd45bd175744462

    SHA256

    355ffd38bba5a802ec6df7a1ddbcc8ada4ae316cad0e41b9f5174ff2d9a7fdd7

    SHA512

    28dfb78f434e2b30266854ef1f371f00497deffac264293f3ad422bcd07e7c2eb58ec8e4060e9cf7dc0e53aed94be64dc24a31789dd57c1f5a8a87c3efe4c9c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d11100c2b387daefa9a705f8a990c9c9

    SHA1

    d1ba6b306effb2ac2f15c8b0185c161df9aec11c

    SHA256

    5b6e31417848d71efa9a9a8b105004a5a9e09630bef051313811e0f610e64a7f

    SHA512

    df4b1005e0efa92271b871b1d92c91dc95cb1792024739e2b2f73005f17c6f09d614338093ab2cd841cb02113d87c8222878ca6861f7b3b400221fd92489b72d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f8f54c15105269e4d7bbfd78ea50151e

    SHA1

    a808fde32fa3c318673401afa6f8a28bed9453e3

    SHA256

    92f192ff162d7d573d5f55662bf5c6da8af03c7f69466812056d9aad28c130e0

    SHA512

    412f3061dd4b07c34cb4c8aed6491a7b68e5425616dc24cb369c6e1ff8726098fd82ce8df1c135afe4fa7ec5a8f82eb8f3b44f0561896fe20860ef3817655540

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    443f014eb579dc51e25b1358dba0997f

    SHA1

    0e80c51d82d464db3396c08281eae3a788852b45

    SHA256

    6c0aa52498316ffd98ce72633963768844968ff63e93620406c39408b9714889

    SHA512

    718505516b76427f0d35ebe489b4187eb57b5fbd093dab55e22acbb167f99d45b85bc3be422959a10917098dbc6f09f156f96bc480277fadee468da998807b5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d667127a2025626d3e6e958723501bfa

    SHA1

    7e6b738310445111b186786e3716582d445ac1fe

    SHA256

    39923fbf6870d029789b455df0902dedb88c8eec1926e640041b98335eec11a0

    SHA512

    bdbcaa5ce3c6fcb7fa9c9b18947846870361c13d22863de3b7f569f20a0b0ea2849d0ece6b4cf1ebb817df549acba40a9e69d2f70660907287864700fe520302

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cfe7a7a7e1743759156f8f54523af3d7

    SHA1

    cfa89574a6af839d0d966baf5774b00ad144a6a1

    SHA256

    70340b7547c5985920de5c7ac28ed2933a6c724fa14cc3542ed6e613b06aa50e

    SHA512

    8f4a96010575363fc1f942f943bdbe37f9145b8bf1c117903e2de6f8fa3f33472266fb26e112a3f9d04985db99cc48cdb8d85cff15584f777b30c5ceb02ff514

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9B85.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9C36.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2156-2-0x0000000000370000-0x0000000000371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2156-0-0x0000000000360000-0x0000000000361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2156-3-0x0000000000360000-0x0000000000361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2156-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2420-6-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2420-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2420-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download