Analysis
max time kernel: 122s
max time network: 125s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 08/03/2024, 06:00
Static task: static1
  1 signatures
Behavioral task: behavioral1
  Sample: bab11601f72419010ada70a4ea0061f5.exe
  Resource: win7-20240221-en
  4 signatures
  150 seconds
Behavioral task: behavioral2
  Sample: bab11601f72419010ada70a4ea0061f5.exe
  Resource: win10v2004-20240226-en
  6 signatures
  150 seconds
General
Target: bab11601f72419010ada70a4ea0061f5.exe
Size: 241KB
MD5: bab11601f72419010ada70a4ea0061f5
SHA1: ffe83f349ee0e91fbff785847c843ff13aa4da3b
SHA256: 4e9cba71eeac46bdde5e740b1be94742300d28ffa6b54c7df002c74a4bcc9057
SHA512: 6ca2b7ffb7fdf38d9bf2804248ac870555f660c3a6995169f94071db247f60eefa8ebb68c7f4263db86eb32b4184ac1b4c51e97a6fb2b6f096d0748ce7f25e33
SSDEEP: 6144:XiT6oIFoxAI3Zu4IXULdVuzuLRboVl2Slt:XwI2g4rxVouKO
Score: 6/10
Malware Config
Signatures
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\E: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\G: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\I: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\L: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\M: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\R: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\S: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\Y: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\H: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\N: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\V: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\Z: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\J: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\P: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\Q: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\T: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\W: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\X: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\K: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\O: | bab11601f72419010ada70a4ea0061f5.exe
File opened (read-only) | \??\U: | bab11601f72419010ada70a4ea0061f5.exe
Drops file in Program Files directory (29 IoCs)
description | ioc | Process
File opened for modification | C:\Program Files\7-Zip\7z.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\DVD Maker\DVDMaker.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Internet Explorer\iediagcmd.exe | bab11601f72419010ada70a4ea0061f5.exe
File created | C:\Program Files\7-Zip\Uninstall.ivr | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Internet Explorer\iexplore.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Google\Chrome\Application\chrome.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\7-Zip\7zFM.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\7-Zip\7zG.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Internet Explorer\ieinstal.exe | bab11601f72419010ada70a4ea0061f5.exe
File opened for modification | C:\Program Files\Internet Explorer\ielowutil.exe | bab11601f72419010ada70a4ea0061f5.exe
Modifies registry class (8 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SoundRec | bab11601f72419010ada70a4ea0061f5.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SoundRec\protocol | bab11601f72419010ada70a4ea0061f5.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SoundRec\protocol\StdExecute | bab11601f72419010ada70a4ea0061f5.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SoundRec\protocol\StdExecute\server\ = "sndrec32.exe" | bab11601f72419010ada70a4ea0061f5.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SoundRec\protocol\StdFileEditing\server | bab11601f72419010ada70a4ea0061f5.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SoundRec\protocol\StdFileEditing | bab11601f72419010ada70a4ea0061f5.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SoundRec\protocol\StdFileEditing\server\ = "sndrec32.exe" | bab11601f72419010ada70a4ea0061f5.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SoundRec\protocol\StdExecute\server | bab11601f72419010ada70a4ea0061f5.exe
Suspicious use of SetWindowsHookEx (1 IoC)
pid | Process
1640 | bab11601f72419010ada70a4ea0061f5.exe