Overview

overview

7

Static

static

7

baddo.apk

android-9-x86

7

baddo.apk

android-10-x64

7

baddo.apk

android-11-x64

7

actionsQueue.js

windows7-x64

1

actionsQueue.js

windows10-2004-x64

1

audience_network.dex

windows7-x64

3

audience_network.dex

windows10-2004-x64

3

baseline.prof

windows7-x64

3

baseline.prof

windows10-2004-x64

3

baseline.profm

windows7-x64

3

baseline.profm

windows10-2004-x64

3

circle_bur...n.json

windows7-x64

3

circle_bur...n.json

windows10-2004-x64

3

crush_succ...n.json

windows7-x64

3

crush_succ...n.json

windows10-2004-x64

3

js_receiver.js

windows7-x64

1

js_receiver.js

windows10-2004-x64

1

live_animation.json

windows7-x64

3

live_animation.json

windows10-2004-x64

3

mraid.js

windows7-x64

1

mraid.js

windows10-2004-x64

1

omsdk-v1.js

windows7-x64

1

omsdk-v1.js

windows10-2004-x64

1

spark_animation.json

windows7-x64

3

spark_animation.json

windows10-2004-x64

3

splash.json

windows7-x64

3

splash.json

windows10-2004-x64

3

supplierconfig.json

windows7-x64

3

supplierconfig.json

windows10-2004-x64

3

tt_mime_type.pro

windows7-x64

3

tt_mime_type.pro

windows10-2004-x64

3

tt_na.czl

windows7-x64

3

Analysis

  • max time kernel
    142s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/10/2023, 10:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    baseline.profm

  • Size

    1KB

  • MD5

    e7116fe2e01a76b5c4eb2a7eb30db53e

  • SHA1

    45072899183dcc29b1c6f8211490ef7227682e51

  • SHA256

    c8b0a38d8cf11d518fcef6bc1cd47ee3d8e563910b83b2e469fd05d38b654034

  • SHA512

    858158ba13b8198ae867155398ce6137e8b973086c163a11548e91b6f20538cd72a7d3196b32d9158ad5a75fe45229798bb9eb37b504f4dd1db5840923a7ac7c

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\baseline.profm
    1⤵
    • Modifies registry class
    PID:100
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3328
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:3288
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3128

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
      Filesize

      16KB

      MD5

      a579c5e9b91e5fa47cd8a387181f4ab7

      SHA1

      9d31aaf005300bec9881020d302815a027c91eba

      SHA256

      4b46ff3c06a7f23c0e12de0e35a02eafdf4e08ec606feca1e6e3618f531dab2a

      SHA512

      20d9a76f3a1b078ebec1bd2af233c625f8e664551863fa149a7dac6cd7486096f3d715326103e89452e5e330f018bce9948338cbfcd672f5bf0706f553d7e5ad

      Download Submit

    • memory/3128-40-0x00000270DE230000-0x00000270DE231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-42-0x00000270DE230000-0x00000270DE231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-33-0x00000270DE230000-0x00000270DE231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-34-0x00000270DE230000-0x00000270DE231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-35-0x00000270DE230000-0x00000270DE231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-36-0x00000270DE230000-0x00000270DE231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-37-0x00000270DE230000-0x00000270DE231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-38-0x00000270DE230000-0x00000270DE231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-39-0x00000270DE230000-0x00000270DE231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-43-0x00000270DDE50000-0x00000270DDE51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-32-0x00000270DE200000-0x00000270DE201000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-41-0x00000270DE230000-0x00000270DE231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-0-0x00000270D5B40000-0x00000270D5B50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3128-44-0x00000270DDE40000-0x00000270DDE41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-46-0x00000270DDE50000-0x00000270DDE51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-49-0x00000270DDE40000-0x00000270DDE41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-52-0x00000270DDD80000-0x00000270DDD81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-16-0x00000270D5C40000-0x00000270D5C50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3128-64-0x00000270DDF80000-0x00000270DDF81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-66-0x00000270DDF90000-0x00000270DDF91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-67-0x00000270DDF90000-0x00000270DDF91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3128-68-0x00000270DE0A0000-0x00000270DE0A1000-memory.dmp

      Filesize

      4KB

      Download