Overview

overview

10

Static

static

10

d7615456ee...5d.exe

windows7-x64

10

d7615456ee...5d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • submitted
    19-03-2024 23:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d7615456ee7bfbbe02d5a0ba8fe1de5d.exe

  • Size

    733KB

  • MD5

    d7615456ee7bfbbe02d5a0ba8fe1de5d

  • SHA1

    d80f9ff1123f6fa35b932e4f72e197ec9d2a7196

  • SHA256

    9cc2923edae327b659096643863b8c8c02d9a76a0da7c95f18cac4f1767c3540

  • SHA512

    95b37cc367cfc82cc6655253037a229b299ce246fec21faf82fa338f6c83c4a35a92983eec959c63b5731eb3cf42711fd86f93dbc75ee527f98e846372e0173d

  • SSDEEP

    12288:NqzcpVgUXzL0TTUKZHTNloEkOpnKgofuIwV6eAj0SZxxXMcEen3paPcg:NqzcpKIL0TvZzNlNky0wVW0SZxJVg

Score
10/10
babylonratdiscoverytrojan

Malware Config

Signatures

  • Babylon RAT

    Babylon RAT is remote access trojan written in C++.

    trojanbabylonrat
  • Babylonrat family
    babylonrat
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d7615456ee7bfbbe02d5a0ba8fe1de5d.exe
    "C:\Users\Admin\AppData\Local\Temp\d7615456ee7bfbbe02d5a0ba8fe1de5d.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 228
      2⤵
      • Program crash
      PID:2992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2920-0-0x00000000012C0000-0x0000000001382000-memory.dmp

    Filesize

    776KB

    Download