Overview

overview

6

Static

static

3

ba61399ba2...0f.exe

windows7-x64

6

ba61399ba2...0f.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/03/2024, 03:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba61399ba2b51cbaf21687dceca9570f.exe

  • Size

    716KB

  • MD5

    ba61399ba2b51cbaf21687dceca9570f

  • SHA1

    ac08c0fef830562ff3d7f4a727ce04139d48e172

  • SHA256

    15c675081668a4222bbd8fee164e152afb1f268e954ed1689977c5de15960322

  • SHA512

    d949200d49f5e8fef423fd83cd4bb85070c5c156584f7e977f4729d65f5b032c2469c98a14ee560387739786f281410e6098af8515722f4d47d866124a7651ac

  • SSDEEP

    12288:unWWxehFsKabZza2LNEi6xGk9lsDPymMHhiLRRiqWu94yCVjvRXLmVBvCZWrF0bG:undZDFz7V6xGHTMHhiLwF/vlW

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba61399ba2b51cbaf21687dceca9570f.exe
    "C:\Users\Admin\AppData\Local\Temp\ba61399ba2b51cbaf21687dceca9570f.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3460
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCnN0jmCX6GJjElAjOTUjyHg
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:5080
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff849fc46f8,0x7ff849fc4708,0x7ff849fc4718
        3⤵
          PID:3508
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15698202261726138367,3327546406448461893,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
          3⤵
            PID:2136
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,15698202261726138367,3327546406448461893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4468
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,15698202261726138367,3327546406448461893,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
            3⤵
              PID:4876
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15698202261726138367,3327546406448461893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
              3⤵
                PID:2812
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15698202261726138367,3327546406448461893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                3⤵
                  PID:1104
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15698202261726138367,3327546406448461893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
                  3⤵
                    PID:3960
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15698202261726138367,3327546406448461893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
                    3⤵
                      PID:892
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15698202261726138367,3327546406448461893,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
                      3⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1612
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15698202261726138367,3327546406448461893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                      3⤵
                        PID:4288
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15698202261726138367,3327546406448461893,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                        3⤵
                          PID:3448
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15698202261726138367,3327546406448461893,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
                          3⤵
                            PID:5192
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15698202261726138367,3327546406448461893,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
                            3⤵
                              PID:5200
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15698202261726138367,3327546406448461893,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5572 /prefetch:2
                              3⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3576
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1728
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3080

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              e0811105475d528ab174dfdb69f935f3

                              SHA1

                              dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

                              SHA256

                              c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

                              SHA512

                              8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              47b2c6613360b818825d076d14c051f7

                              SHA1

                              7df7304568313a06540f490bf3305cb89bc03e5c

                              SHA256

                              47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

                              SHA512

                              08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              216B

                              MD5

                              e12564a9d8b98124a43c54e4a1fc13ce

                              SHA1

                              b65c89ac4342f00a10cbcb366a10dd3396922993

                              SHA256

                              8954fbe887472293af87813a7c0f1b06ae92120b9b7f45290b35db26e08b1cf3

                              SHA512

                              c71564d7f8aa54640a33d57a94c087f14e3a18a5b78bf5141eb92af22cb6382c264a70fc1a893c254fa7dc375286fc262f6f752595fb8b1494dbf882a59644bb

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              1KB

                              MD5

                              760f70f9ca7241336e5a91ae1b259a9a

                              SHA1

                              ed731d15b7bb380e7a807c5df8b99b5729c56c6c

                              SHA256

                              dbbedaa6ee1f31a46e9021951135e99ab4b2eff4c6b2281acf5dcfc9ebffe468

                              SHA512

                              cfcee761af78b942c1e665603a374a81a0b2425b3f098b49fef537eb08df9c44faf4ea93df0c9b0d053e521c4213967bc6ee2c2c84ac4a4b0ab37b681503e13c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              1KB

                              MD5

                              d349c6f47df1e5853007e80077fad6c1

                              SHA1

                              ece5875bc2b49fbe8a2c68e8d1ec8d16d92d4fa6

                              SHA256

                              d5f00b315c03523f8d1f07036f9807895d98bcd57d2b9a145c6c5a847981f26d

                              SHA512

                              721e018b7ddbe22a3587870b6bdc067488330b676787265a5fb4950641e019f19971c9b45428f0dc3ebb72a28658e2ab7d62564d1f78250a243827afb51f4420

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              d36be85a478f9b2b658f4fdbd9cd181e

                              SHA1

                              65231623990c03473b642d544bf7b6a347b1eb46

                              SHA256

                              0a34d7736ebbe32325fa6ec8543d4a011f70bc233760ac38a92a3bbfd07cafed

                              SHA512

                              98fb1f8cf9bc40e4c3f3a30248e5329015ee995559ab2f7733be3fbedabefcf982853a3b5a3d46cded60d00c7c60e3e3c27b75910e4ba68cc41731ef7ce0cc6a

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              78920c587883cdd066b04ea796c62509

                              SHA1

                              4ea7dbea7a14bfe8004bea626b37e69d18e30b50

                              SHA256

                              5e2ecddfa47fcb5381e9527c03972e294c251517352f8fc6bac1b90a084e2636

                              SHA512

                              df913bd40192ab6534f4c268b708d9904a2813e81d7436e2f6f7d6d6230843296d9b2236502d04105e0ac738104e75669c2b14ee34b9fa7ff4cd4ee535246e97

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              11KB

                              MD5

                              edad65b41a37b45606993cfd2ee1f7d3

                              SHA1

                              7e9d837b79dd3e2f6200a4f35d39d2c42c6d5d42

                              SHA256

                              f8728af6a0b444b39c10457125b3ac91765d443b30380ce88cd68e59cce26558

                              SHA512

                              c30ba1fafc14c98ddfd608d25674ebe82c257ad40ff61d5b3d7e0b560a20222aafe49c75150f983a479593cc536e323e673ce83d3c1c9aece917359232da9164

                              Download Submit

                            • memory/3460-5-0x000000000A040000-0x000000000A5E4000-memory.dmp

                              Filesize

                              5.6MB

                              Download

                            • memory/3460-12-0x0000000074D60000-0x0000000075510000-memory.dmp

                              Filesize

                              7.7MB

                              Download

                            • memory/3460-9-0x0000000005230000-0x0000000005240000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/3460-8-0x00000000055D0000-0x0000000005626000-memory.dmp

                              Filesize

                              344KB

                              Download

                            • memory/3460-7-0x0000000005380000-0x000000000538A000-memory.dmp

                              Filesize

                              40KB

                              Download

                            • memory/3460-6-0x00000000053E0000-0x0000000005472000-memory.dmp

                              Filesize

                              584KB

                              Download

                            • memory/3460-0-0x00000000007A0000-0x000000000085A000-memory.dmp

                              Filesize

                              744KB

                              Download

                            • memory/3460-4-0x00000000099F0000-0x0000000009A8C000-memory.dmp

                              Filesize

                              624KB

                              Download

                            • memory/3460-3-0x0000000005230000-0x0000000005240000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/3460-2-0x00000000076C0000-0x0000000007754000-memory.dmp

                              Filesize

                              592KB

                              Download

                            • memory/3460-1-0x0000000074D60000-0x0000000075510000-memory.dmp

                              Filesize

                              7.7MB

                              Download