Analysis

  • max time kernel
    79s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-12-2023 09:53

General

  • Target

    150857f47c2baeebe41028b415ba30ec.exe

  • Size

    6.4MB

  • MD5

    150857f47c2baeebe41028b415ba30ec

  • SHA1

    04c42c467ecfb1ba1be93ea8d093514581b72c92

  • SHA256

    7d580d1416efb8a4475d4d682ca4e53b96482ef437770e66cb2ca8bcfbc075c9

  • SHA512

    34e14180c9643c13a41c5c2aba823191cbc6b3d77c355bb0150bb93bca8d8bda40c77b0dde4171a58e4ec7c17d1b1133d9b8603b6534f921d4535b45c6cca30e

  • SSDEEP

    196608:nA2vkEyBJxdhAkbGxTmN98gQKba9JmbMPfrI8:5vy+TmfzpbWJUMPfrI8

Score
10/10

Malware Config

Signatures

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

  • Babadeda Crypter 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops desktop.ini file(s) 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\150857f47c2baeebe41028b415ba30ec.exe
    "C:\Users\Admin\AppData\Local\Temp\150857f47c2baeebe41028b415ba30ec.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4720
    • C:\Users\Admin\AppData\Roaming\Colasoft\Capsa11Free\xrengine.exe
      C:\Users\Admin\AppData\Roaming\Colasoft\Capsa11Free\xrengine.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:4732
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2828
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
    1⤵
    • Drops desktop.ini file(s)
    • Checks processor information in registry
    • Modifies registry class
    PID:4792
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
    1⤵
    • Checks processor information in registry
    • Modifies registry class
    PID:1996

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\kaosdma.txt

    Filesize

    12B

    MD5

    8cf4dec152a9d79a3d62202b886eda9b

    SHA1

    0c1b3d3d02c0b655aa3526a58486b84872f18cc2

    SHA256

    c30e56c9c8fe30ffa4a4ff712cf2fa1808ee82ca258cd4c8ebefcc82250b6c01

    SHA512

    a5a65f0604f8553d0be07bd5214db52d3f167e7511d29cb64e3fa9d8c510cc79976ff2a5acb9b8c09b666f306ac8e4ad389f9a2de3ca46d57b1e91060a4c50fd

  • C:\Users\Admin\AppData\Roaming\Colasoft\Capsa11Free\JdbcOdbc.dll

    Filesize

    833KB

    MD5

    aaa3bfdf7c3d9d8a0f9d40ab64454665

    SHA1

    f13fa60b6c95d30c67cec3e73ce928356bdb8d6e

    SHA256

    c0db73f3003d1daf0e33643c75e1e3e407c884e287795c0bf8a42f834097d83b

    SHA512

    24048ca7af7fcc122ed5d6d006016ef6fba6725687b8b9a1853bbf1a588d4a946edaa0fba359c519cc1a4ee201f8e3c7f7018211d2e213ee9bc79e82596b9418

  • C:\Users\Admin\AppData\Roaming\Colasoft\Capsa11Free\JdbcOdbc.dll

    Filesize

    960KB

    MD5

    62cebb1d9556e26ee20da12d37a34cac

    SHA1

    414b05d363c122b47e1f01ac8502d003de7d6c48

    SHA256

    c9ebb75e6b5e7bb23d9ae6f5457643fbfacc7a2ad28e4d24f6dac1d4c1187e0b

    SHA512

    63b4e7e64457cbebf05ad024141cd3efb241f3fbcf3872fbd97c322261abfb03040cb342f655cdd3718efb41ac3e138269699503047f33c89019be484fe4ad99

  • C:\Users\Admin\AppData\Roaming\Colasoft\Capsa11Free\base.xml

    Filesize

    863KB

    MD5

    51599707dc82f6946f39a87c5ac9fcd7

    SHA1

    f23db51bfe863a3ac1362ce131f5645e9f8b614e

    SHA256

    0be18ef99cfd38e7c43ef01f270778c46b46a43d5b7cdc81e7f83f91729609ca

    SHA512

    ab0669617b3d826a6b45e5fa2a814acb0ef0d2cb4d63dafa6e72156b158334d21af47c423f560cd4fdbb8657c78aa0037383611d06c66745e74873b32c68c69e

  • C:\Users\Admin\AppData\Roaming\Colasoft\Capsa11Free\xrengine.exe

    Filesize

    2.0MB

    MD5

    6f12f9ee72e6e02c79e48404f049d2d0

    SHA1

    8508169aaff7fd03ec7de7bac2d4f02c7784989f

    SHA256

    c270e35ecd93ce0bf3490d3bbf0e318547d440e6171ff746fdca5bb62824e16b

    SHA512

    89281ec882f91f03e145663a5a40b715393b7ac88af92777f3bb483ba08b4ff91ad173a6045fa14cf1fe6eec6f7886dbc8bcc01c0357f4761772fb0a7de197b2

  • C:\Users\Admin\AppData\Roaming\Colasoft\Capsa11Free\xrengine.exe

    Filesize

    2.0MB

    MD5

    9d393a02d1b792d938217bad1f0d0173

    SHA1

    e786056d4de8e022ff9bf85af2ef019d3f991917

    SHA256

    176f2daee944217c70dd83c76018679dd3a9bb37f44363538c97264134cad9b0

    SHA512

    dd8d15a2d8ac21f2ca6633cecf9b08efcde8cf95dd6d787594ed3df9c5f30a9a9767d26b831279bcb6cbdc9656e0abfbb5aac94f778ba43d27b3993d9b825c70

  • C:\Users\Admin\Videos\Captures\desktop.ini

    Filesize

    190B

    MD5

    b0d27eaec71f1cd73b015f5ceeb15f9d

    SHA1

    62264f8b5c2f5034a1e4143df6e8c787165fbc2f

    SHA256

    86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

    SHA512

    7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

  • memory/4732-240-0x0000000000400000-0x0000000000B76000-memory.dmp

    Filesize

    7.5MB