56b4f307126f78e16ac2ad2e4044de61cb207864bf194ba6702108cb65475369

Analysis

max time kernel
1s
max time network
6s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BayROB.exe
Size

503KB
MD5

8bc0446144142c51570da1920f2da8c1
SHA1

83c1b3ed58693f9ce5cbb710a709f23e65bff10a
SHA256

56b4f307126f78e16ac2ad2e4044de61cb207864bf194ba6702108cb65475369
SHA512

f7b747153611e183fafda84655fa4770dc6e86549484adabb88ff61b09dacc681e1696450134194323aee103e56a2931736a55f02db4afa51600df10722c9ade
SSDEEP

12288:TkREw6Rd3R2RtnRjjErWlQfNT3Dc8mLpp:Ikd3qnRXHlO53Dc8Q

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2396	rtg3z8vx3mbqoy5rffi.exe
4784	feyrckaqunib.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\dtwpxdpbhazfxll\mgdxjexf	BayROB.exe
File created	C:\Windows\dtwpxdpbhazfxll\mgdxjexf	rtg3z8vx3mbqoy5rffi.exe
File created	C:\Windows\dtwpxdpbhazfxll\mgdxjexf	feyrckaqunib.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 2396	4076	BayROB.exe	16
PID 4076 wrote to memory of 2396	4076	BayROB.exe	16
PID 4076 wrote to memory of 2396	4076	BayROB.exe	16
PID 2396 wrote to memory of 4784	2396	rtg3z8vx3mbqoy5rffi.exe	38
PID 2396 wrote to memory of 4784	2396	rtg3z8vx3mbqoy5rffi.exe	38
PID 2396 wrote to memory of 4784	2396	rtg3z8vx3mbqoy5rffi.exe	38

C:\Users\Admin\AppData\Local\Temp\BayROB.exe
"C:\Users\Admin\AppData\Local\Temp\BayROB.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4076
- C:\dtwpxdpbhazfxll\rtg3z8vx3mbqoy5rffi.exe
  "C:\dtwpxdpbhazfxll\rtg3z8vx3mbqoy5rffi.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\dtwpxdpbhazfxll\feyrckaqunib.exe
    "C:\dtwpxdpbhazfxll\feyrckaqunib.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:4784
  - - C:\dtwpxdpbhazfxll\zpneeqf.exe
      brpxpubz2l6g "c:\dtwpxdpbhazfxll\feyrckaqunib.exe"
      4⤵
      PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\dtwpxdpbhazfxll\feyrckaqunib.exe

Filesize
65KB

MD5
dc86e98dec009ec6edbf98a5a0b86769

SHA1
e1faba320c0f9beefcce32cb419f076c1eff2e82

SHA256
84c7d452811174bb90693484af587abe1c7168a99faf14dd211cff5e097bc752

SHA512
51c5a43d6337536b15633047916bf817fbe4ce032bec5ed0a11ab4460d267179ed55a2d9519a5bf0082205b727671f237c4bb859a45cd3e74a452172c30dd2bd

Download Submit
C:\dtwpxdpbhazfxll\feyrckaqunib.exe

Filesize
38KB

MD5
2d62ddcac47165998eefa6598bdcad2f

SHA1
bcca21b62f4afec48b7f480c24adad1d489437db

SHA256
726ed176196ca988ceac7f7f579bdb7e667faf8f6e73123ee99beeceb4bf6879

SHA512
5a87ef5f255df4d472abb458fd23491f29f158f9130be35e2d385947ac39f1cb2f96edac65750a37c1b4d69ac1dff4d38b098e7f6aaf14e377a051a6fb4a1a52

Download Submit
C:\dtwpxdpbhazfxll\feyrckaqunib.exe

Filesize
21KB

MD5
ce8eedbf8905312b83f69406eb22868c

SHA1
d98559b14d8b997f659236c3f4eb46e546ee5884

SHA256
2565db3468d7479ed50201c01ce9eb5b4101404494f95f6f8f972208a9018687

SHA512
638da103b659f69f95e13b0dec91a44742ef53d9155ec47e00d19decf19d5e70e54409cb68e782abb0a71abac9f8917c870427f2d9bbc4145fcc78074253d3f3

Download Submit
C:\dtwpxdpbhazfxll\mgdxjexf

Filesize
11B

MD5
47a16e63ff033d80e2e74712e2fa15aa

SHA1
7c1c8bdb1ce9d56f2f8f65293dcdb5bc610e5c8b

SHA256
cb162ee43011685063f57ef2ed7b7fd997e45121413a569a724d4eb0d38d13bc

SHA512
296e6770418461e09c18bb11e3706268c5008d9efbbacdb7d8370c3853916efd55e1e8a1a3b70fefb244efcaab1e7368f8d3ee0292347b4e3ca9e02e5f7bc6a4

Download Submit
C:\dtwpxdpbhazfxll\rtg3z8vx3mbqoy5rffi.exe

Filesize
25KB

MD5
9d4ba7ac9b92be4b47df70f94ed6eeec

SHA1
b3a08855626030bffaf0775f196425950dc31a87

SHA256
13dec64581891e5a940f88bf9ec4fc80ca85739f38bf29feb8f4e65463bf6a0a

SHA512
7697531eb8f77355d6821b9c3a5d0334bf81724e6cd098271165367a98e26e4f325f71d3a17182237806cff3e21cc4c496d80a9def6ba3cdd3a759d39fce64e0

Download Submit
C:\dtwpxdpbhazfxll\rtg3z8vx3mbqoy5rffi.exe

Filesize
35KB

MD5
79600761aa9db5948f059cfb7beffe94

SHA1
fd4e253e90e9e8ba68b8035968f3447115e252b8

SHA256
c189cf7b1a2a41cf60f181183eb6d6fd0d31958479025aad52769c47f94f927c

SHA512
37584721b20ceb83457e01470f6624b01219bf2632d6afa321110f837c6f240b9487f30cf899ad7ba0f1121b28e33cd799a2858f59a2e4234acde61aa506eae8

Download Submit
C:\dtwpxdpbhazfxll\zpneeqf.exe

Filesize
31KB

MD5
6d72064930ced99bfa47546f2cdffec5

SHA1
2cfe6ce64a6b9955f727ddd572270555d83d2b77

SHA256
2cb7504d0737098c4534986d353f1116c14fe605143497cc4eaddba3cbbd4818

SHA512
4b94bbe370e30e48617be167ef557fae147b066fd65b83a83909a62a5bc8826cb02ed565e1fedff2a02aff252aaf19ff87071f6427713d7f7c3d2eb502333c25

Download Submit
C:\dtwpxdpbhazfxll\zpneeqf.exe

Filesize
68KB

MD5
9aebfba766b94f08856117f3b10a5602

SHA1
31358396706bd9245dcebe64d5edb3d83ecf7e92

SHA256
2777d7cf1ad3bcb0c68f49cba28f85f12190228f46c693005134ab001b35571a

SHA512
39b21869ec364dfe730db2922dc820d61ac152aea6cbf7a6081d3d302d0946e3c665e72206cea22722d4c2d8440f5658affbf410d079684d60a55ee14876a1a1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads