Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
26/12/2023, 17:10
General
-
Target
GOLAYA-BABE.exe
-
Size
180KB
-
MD5
55e47874ef9912a4309c4c90af7b67f8
-
SHA1
bda07533ed744d3c78ee34ab416d883504212e3e
-
SHA256
c3199ed5f9a3d4e51e4ff8287875a04a91602e348dcef11c403e90d96eea59f7
-
SHA512
d01550350e18c0507e8f45e1a970cfd6bfa910c2a334fe65ffc26f7347e9b967906a950bd6918fa2c19aebfdf087f2f82bf3a47e96af1ef903697d3672edad36
-
SSDEEP
3072:TBAp5XhKpN4eOyVTGfhEClj8jTk+0h6ejmo:+bXE9OiTGfhEClq9dejD
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
-
Drops file in Drivers directory 3 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\GOLAYA-BABE.exe"C:\Users\Admin\AppData\Local\Temp\GOLAYA-BABE.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\na ulisdf\take me tsdf\poztfiz\____000000_hello__.vbs"2⤵
- Drops file in Drivers directory
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\na ulisdf\take me tsdf\poztfiz\_hello______22222_______.vbs"2⤵
- Blocklisted process makes network request
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Program Files (x86)\na ulisdf\take me tsdf\333\why_do_you_cry_willy.bat" "2⤵
- Drops file in Drivers directory
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
200KB