af7453257601177a1f14dcb97ad0bbfafbf248c47eb03d7c591c2b86f3fa7647

Analysis

max time kernel
164s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 23:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3f5150071c3d150a05841d0441146f3d.exe
Size

167KB
MD5

3f5150071c3d150a05841d0441146f3d
SHA1

f2e83d34bb89b1e6bf94cb4f15f5e6a1e5385c2d
SHA256

af7453257601177a1f14dcb97ad0bbfafbf248c47eb03d7c591c2b86f3fa7647
SHA512

003972fa47abc8db1a96eca81001ce799bc48abbe51ad0d3d55195d4a6df0c957c20fa3644270f2a81ebe7ed72fda560d16136bc95290e163835ff4253f1710b
SSDEEP

3072:VBJE40+j3315rZhom7jhG6Wt800j9a1HBA+iZ7I:fCF+/XoVGHj9Qhu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1840	Bnabua.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\Bnabua.exe	3f5150071c3d150a05841d0441146f3d.exe
File opened for modification	C:\Windows\Bnabua.exe	3f5150071c3d150a05841d0441146f3d.exe
File created	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	Bnabua.exe
File opened for modification	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	Bnabua.exe
File created	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	3f5150071c3d150a05841d0441146f3d.exe
File opened for modification	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	3f5150071c3d150a05841d0441146f3d.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe
1840	Bnabua.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4928	3f5150071c3d150a05841d0441146f3d.exe
1840	Bnabua.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 1840	4928	3f5150071c3d150a05841d0441146f3d.exe	96
PID 4928 wrote to memory of 1840	4928	3f5150071c3d150a05841d0441146f3d.exe	96
PID 4928 wrote to memory of 1840	4928	3f5150071c3d150a05841d0441146f3d.exe	96

C:\Users\Admin\AppData\Local\Temp\3f5150071c3d150a05841d0441146f3d.exe
"C:\Users\Admin\AppData\Local\Temp\3f5150071c3d150a05841d0441146f3d.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Windows\Bnabua.exe
  C:\Windows\Bnabua.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Bnabua.exe

Filesize
167KB

MD5
3f5150071c3d150a05841d0441146f3d

SHA1
f2e83d34bb89b1e6bf94cb4f15f5e6a1e5385c2d

SHA256
af7453257601177a1f14dcb97ad0bbfafbf248c47eb03d7c591c2b86f3fa7647

SHA512
003972fa47abc8db1a96eca81001ce799bc48abbe51ad0d3d55195d4a6df0c957c20fa3644270f2a81ebe7ed72fda560d16136bc95290e163835ff4253f1710b

Download Submit
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

Filesize
362B

MD5
853093555b134e6e597064092a5ee78e

SHA1
9082085c9bb1183e13742c56b7bbec9b4388f84d

SHA256
d4f517178496b8bc86e8988e38ac81b58b51e4935581667267fd8dc85d565587

SHA512
4e14ecc486955caa5e2cf4da6c377131d516f2ee081132efe655970ec123cade4b5ef4a402eb812fd620c9016c8aa8a91cfd617f7d8d297a40a5bd7886407372

Download Submit
memory/1840-25635-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1840-17956-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1840-70092-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1840-62072-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1840-54061-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1840-12-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1840-46433-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1840-41353-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1840-2779-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1840-33646-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1840-10283-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1840-14031-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4928-7116-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4928-0-0x0000000002190000-0x000000000219C000-memory.dmp

Filesize
48KB

Download
memory/4928-3-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4928-2777-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4928-1-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4928-2-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4928-8-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4928-6-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download