Overview

overview

10

Static

static

3

c367847c04...43.exe

windows7-x64

10

c367847c04...43.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2024, 15:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c367847c0456c4d7f563f08619e913e3b048cc9776bf7350778274afbd045943.exe

  • Size

    1.8MB

  • MD5

    86fd864d99255e610c9725cff3cac9d1

  • SHA1

    1bd3adef2b96f1d0f015ff130e759170238b7d4a

  • SHA256

    c367847c0456c4d7f563f08619e913e3b048cc9776bf7350778274afbd045943

  • SHA512

    a9587ce75c58daffbcfef92ed17ad46bc9269d91a445be5d61ff3bf288e18e84e1c2361e9850b2643fc723e4b42bbcf1a0ff3807c6ca966f1bb7e166c71fdcbc

  • SSDEEP

    24576:/3vLRdVhZBK8NogWYO09rOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ19xJIiW0MbQxA

Score
10/10
metasploitbackdoordiscoveryspywarestealertrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c367847c0456c4d7f563f08619e913e3b048cc9776bf7350778274afbd045943.exe
    "C:\Users\Admin\AppData\Local\Temp\c367847c0456c4d7f563f08619e913e3b048cc9776bf7350778274afbd045943.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1344
    • C:\Users\Admin\AppData\Local\Temp\c367847c0456c4d7f563f08619e913e3b048cc9776bf7350778274afbd045943.exe
      "C:\Users\Admin\AppData\Local\Temp\c367847c0456c4d7f563f08619e913e3b048cc9776bf7350778274afbd045943.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2188
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2652
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1900

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65d8fffa54acd61853a441f08474c60d

    SHA1

    930fda3b92ca98b9b67b8e27234fb569a37878b6

    SHA256

    d7e4d664ac274f7560d092b560a44a7805cf43546870b6dee00564d89aefd1cb

    SHA512

    a84afdc538bfcfa2cb40751841d86ae40f16ca8742ed3f0bb8f3f8016ca047b49d3b21767d63ac778ee2b6bc5c67eb9afe15daf271b27ff42c39f680b00b5411

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c0791fde53c595d6f51870aabaf6f526

    SHA1

    74fca1e108735f1775fc560dcc695695fe811298

    SHA256

    111a57f69ad5a9566c6543777dd96df7e70a85fcc00e716b9ab8285269a0b37f

    SHA512

    9effd4d5dc2d738e2a7074938688912c77d743f039cc83a7e25bb435a3c5e2bac3dc0a40639ed1ba1009424a1efd1d286415908096e6925400227b72c68744aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07168d9aa240c0d6037fde8b7a33d45f

    SHA1

    3d3372bbddac9325d769e4c4e8916ef8e8604bde

    SHA256

    77666f33d005f8b579096591aab963b01c0d432a67f4ce0a804e6221e68b3ceb

    SHA512

    eb18e468820cabdd0924ddf8dc74b2069f572c9ccbb363d6e23257992ffb4ffcfe9ba5bbd37c0ac57560d9308e8ed73826272b4c855948aaf936a352aaae8eb8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d91315bcd31d52b22b05467ee86548c9

    SHA1

    0bb0dfff2643893abd4d26a5316fcf30ac63b876

    SHA256

    6aa389469da969fd3912569c3b3a448f497e81713837a2cf9c0dad75b4bc69c5

    SHA512

    e8f24adc1887e996958af11c91b5a2c1d7cfd7a0299ca5cfdafac8d22e217f5b9c07bbf21263851b49fc06d8cb322b6fb10f04172e0090ab8a9db27d17375a9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8707c9812a742b1f37a1a3b6f9dac1e1

    SHA1

    ca2e7a8b6cedb84e57d8b3e3996f89c257fcb27c

    SHA256

    57e20e41a5abc9ce80760abea3e08f8f139835df2c5e78e0d9d23f6b5f97cba9

    SHA512

    e69100d35ed2dd466cad942f39da75ce2b8ad963229ea8036f6a58b190a65ed9eb394de849dc21dedba3b174b88bc6d43cf5b98cf054b4fa7c390f7646849da8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac01718dd98d2f59af641af44b5a9eab

    SHA1

    c8bbaf8247fc2c35fbeca26179999f123a861f3f

    SHA256

    c7eb145d263f920fb348cba337e85a9a1c5f484357c471403356a8abdba3255f

    SHA512

    f74165ba18d84cbba6fdc2b047eff7a15990f89aed4e5d50a9ebbebe64053d293be555b4118224793f3469c032978d5fd5cef39f9715506096a030be660dc9b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f34904b805bcc97541bd9c2ed6ff901

    SHA1

    00cd4fd097ef67527d9e6c424e392d0a1dbd17ef

    SHA256

    cae5b29deec2c78e507882624997e8bc6b0a38c1d03576a8169e08944d04292e

    SHA512

    240fcbd7793874d8e75896899d93cc9c5a99c9e67328d3733b1c475175dad92e698d04dc47e5d11aefdde59293077d84eb0b2eae6119811a0a851eb6abc6e2cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3948da58eedd8eaa8047f560cd4b225

    SHA1

    91d17ccfe25e4e7bd984f928c4e92ab07bcee758

    SHA256

    d64412835f97134e205f92289843161c0639bffd50e69bfd8f7d02ece84b6996

    SHA512

    559ec51c82ab92ab46cdaa61e661c7a2e238c1382e55d17c1c3416f53d42aad3c71f562a4e1cb8fc9d1fd45569fd2bc897c35bc80daea4d51312ce4e594836c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de555dff94c18663cbe78aeffd767762

    SHA1

    149da4b5cefc924519cb8b4013f140c3d5d1a450

    SHA256

    4f4ea0d36df45dfea29bad26e977ff571148974bd09d4e67e6569e113eec25cf

    SHA512

    20cdd240a9d4549abf5372755374279c81a2a419d0e64bc815f81caba87166a3b8d6fed5a9a592dbd954f03d5f7b4c13fe91f14dd2faa6deb45f615eab79072a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cedf91dccdab3cdf0f3be81a3dd33da9

    SHA1

    cee13930a740aa60a62c76dfa4cdb7ea5a9d6e38

    SHA256

    3ebd4a109dbbb18f36775beb777d5eca272af1dd29b129565689ec1563f365f1

    SHA512

    cdc946d8cbf12a3115d7544c9d1641384707f94404779bc400c9c2532f25b8f86a05dded1feb21fcce4f9fa8fb754b32afbdb0b1b91c389a13054e11ae514002

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe6a2f816628b904d15c2c36add6a7c3

    SHA1

    34f80522309a9f1443b9bbe0708c4bdb78cc8a7f

    SHA256

    dafa5d656c04a510a69072790282f245a8eced22d92f95fe533cbb6b92df1458

    SHA512

    b803693c33d728e6433a0a309b59a7f843e66a5fe7e99c50d2f42195ade08d804bdb5c9585434a993f70ca23f462070bdcc73e289aa87d49b07bfcd62037e54d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5B6B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5D91.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1344-4-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1344-2-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1344-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1344-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2188-6-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2188-9-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2188-11-0x0000000000400000-0x00000000005E5000-memory.dmp

    Filesize

    1.9MB

    Download