Analysis
max time kernel: 209s
max time network: 49s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 30-12-2023 09:53
Static task: static1
Behavioral task: behavioral1
Sample: 150857f47c2baeebe41028b415ba30ec.exe
Resource: win7-20231215-en
General
Target: 150857f47c2baeebe41028b415ba30ec.exe
Size: 6.4MB
MD5: 150857f47c2baeebe41028b415ba30ec
SHA1: 04c42c467ecfb1ba1be93ea8d093514581b72c92
SHA256: 7d580d1416efb8a4475d4d682ca4e53b96482ef437770e66cb2ca8bcfbc075c9
SHA512: 34e14180c9643c13a41c5c2aba823191cbc6b3d77c355bb0150bb93bca8d8bda40c77b0dde4171a58e4ec7c17d1b1133d9b8603b6534f921d4535b45c6cca30e
SSDEEP: 196608:nA2vkEyBJxdhAkbGxTmN98gQKba9JmbMPfrI8:5vy+TmfzpbWJUMPfrI8
Malware Config
Signatures
Babadeda Crypter (1 IoC)
    resource: behavioral1/files/0x0006000000015e38-245.dat
    yara_rule: family_babadeda
Executes dropped EXE (1 IoC)
    pid 2340  process xrengine.exe
Loads dropped DLL (2 IoCs)
    pid 2416  process 150857f47c2baeebe41028b415ba30ec.exe
    pid 2340  process xrengine.exe
Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
Suspicious use of SetWindowsHookEx (1 IoC)
    pid 2340  process xrengine.exe
Suspicious use of WriteProcessMemory (4 IoCs)
    description                     pid   process                                 procid_target
    PID 2416 wrote to memory of 2340  2416  150857f47c2baeebe41028b415ba30ec.exe  28
    PID 2416 wrote to memory of 2340  2416  150857f47c2baeebe41028b415ba30ec.exe  28
    PID 2416 wrote to memory of 2340  2416  150857f47c2baeebe41028b415ba30ec.exe  28
    PID 2416 wrote to memory of 2340  2416  150857f47c2baeebe41028b415ba30ec.exe  28
Processes
1. C:\Users\Admin\AppData\Local\Temp\150857f47c2baeebe41028b415ba30ec.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\150857f47c2baeebe41028b415ba30ec.exe"
   PID: 2416
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Roaming\Colasoft\Capsa11Free\xrengine.exe (child of PID 2416)
      command line: C:\Users\Admin\AppData\Roaming\Colasoft\Capsa11Free\xrengine.exe
      PID: 2340
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads