Overview

overview

10

Static

static

1

BaffFree (1).rar

windows7-x64

10

BaffFree (1).rar

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-03-2024 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BaffFree (1).rar

  • Size

    14.0MB

  • MD5

    1d5acc5687edcd169ff1f668fb614668

  • SHA1

    5ef489cd47893a888286c8cfc5cf565945c44628

  • SHA256

    d4f5d067ff567af50017ad3f0997b6aaea6fc8e3305adf57de560e03536e8e86

  • SHA512

    8aaff2444d1bc3b308e0aa9761e97f3dd497df76a1fe68bb11560e06d2f73297c1fcf1bce74e0bab1e016ef52109a45c995ce750a3be5fde0cf6a75ee4c9b7d1

  • SSDEEP

    196608:7nw75pSvvDy2bpmAa72xIvRt5snPdFK5Jdr9hj+i4etUqUFc/muT8EgJHZtmiC:7wCXbi7EIvRmPdFIhjF4eGnuT4DmP

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\BaffFree (1).rar"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:5028
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\BaffFree (1).rar"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:5112
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4752
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4752 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1228
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" C:\Users\Admin\Desktop\DisconnectSend.vst
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver1999.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • memory/2032-5-0x00007FF69DE90000-0x00007FF69DF88000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2032-6-0x00007FFD865C0000-0x00007FFD865F4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2032-7-0x00007FFD744D0000-0x00007FFD74784000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2032-8-0x00007FFD868F0000-0x00007FFD86908000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2032-9-0x00007FFD86280000-0x00007FFD86297000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2032-10-0x00007FFD85A60000-0x00007FFD85A71000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-11-0x00007FFD85750000-0x00007FFD85767000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2032-12-0x00007FFD7CB60000-0x00007FFD7CB7D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2032-13-0x00007FFD770C0000-0x00007FFD770D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-14-0x00007FFD742D0000-0x00007FFD744D0000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2032-15-0x00007FFD75750000-0x00007FFD7578F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2032-16-0x00007FFD76740000-0x00007FFD76761000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2032-17-0x00007FFD75730000-0x00007FFD75748000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2032-18-0x00007FFD75710000-0x00007FFD75721000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-19-0x00007FFD756F0000-0x00007FFD75701000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-20-0x00007FFD74E20000-0x00007FFD74E31000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-21-0x00007FFD74E00000-0x00007FFD74E1B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2032-22-0x00007FFD74DE0000-0x00007FFD74DF1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-23-0x00007FFD74DC0000-0x00007FFD74DD8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2032-24-0x00007FFD742A0000-0x00007FFD742D0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2032-25-0x00007FFD74230000-0x00007FFD74297000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2032-26-0x00007FFD72CC0000-0x00007FFD73D6B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2032-27-0x00007FFD741C0000-0x00007FFD7422F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/2032-28-0x00007FFD72CA0000-0x00007FFD72CB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-29-0x00007FFD72C40000-0x00007FFD72C96000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2032-30-0x00007FFD72C10000-0x00007FFD72C38000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2032-31-0x00007FFD72BE0000-0x00007FFD72C04000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2032-33-0x00007FFD72B90000-0x00007FFD72BB3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2032-32-0x00007FFD72BC0000-0x00007FFD72BD7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2032-34-0x00007FFD72B70000-0x00007FFD72B81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-36-0x00007FFD72B20000-0x00007FFD72B41000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2032-35-0x00007FFD72B50000-0x00007FFD72B62000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2032-37-0x00007FFD72B00000-0x00007FFD72B13000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2032-38-0x00007FFD72AE0000-0x00007FFD72AF2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2032-39-0x00007FFD729A0000-0x00007FFD72ADB000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2032-40-0x00007FFD72970000-0x00007FFD7299C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2032-41-0x00007FFD727B0000-0x00007FFD72962000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2032-42-0x00007FFD72750000-0x00007FFD727AC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2032-43-0x00007FFD72730000-0x00007FFD72741000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-44-0x00007FFD72690000-0x00007FFD72727000-memory.dmp

    Filesize

    604KB

    Download

  • memory/2032-45-0x00007FFD72670000-0x00007FFD72682000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2032-46-0x00007FFD72430000-0x00007FFD72661000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2032-47-0x00007FFD72310000-0x00007FFD72422000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2032-48-0x00007FFD722D0000-0x00007FFD72305000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2032-49-0x00007FFD722A0000-0x00007FFD722C5000-memory.dmp

    Filesize

    148KB

    Download

  • memory/2032-50-0x00007FFD72280000-0x00007FFD72291000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-51-0x00007FFD72210000-0x00007FFD72271000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2032-53-0x00007FFD721D0000-0x00007FFD721E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2032-52-0x00007FFD721F0000-0x00007FFD72201000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-55-0x00007FFD72110000-0x00007FFD721AF000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2032-54-0x00007FFD721B0000-0x00007FFD721C3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2032-56-0x00007FFD720F0000-0x00007FFD72101000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-57-0x00007FFD71FE0000-0x00007FFD720E2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2032-59-0x00007FFD71FA0000-0x00007FFD71FB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-60-0x00007FFD71F80000-0x00007FFD71F91000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-58-0x00007FFD71FC0000-0x00007FFD71FD1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-61-0x00007FFD71F60000-0x00007FFD71F72000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2032-62-0x00007FFD71F40000-0x00007FFD71F58000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2032-63-0x00007FFD71F20000-0x00007FFD71F36000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2032-64-0x00007FFD71EF0000-0x00007FFD71F19000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2032-65-0x00007FFD71ED0000-0x00007FFD71EE2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2032-66-0x00007FFD71EB0000-0x00007FFD71EC1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-67-0x00007FFD71E90000-0x00007FFD71EA1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2032-68-0x00007FFD71E70000-0x00007FFD71E81000-memory.dmp

    Filesize

    68KB

    Download