9cf4cf3e844c661f665c7590ef7f2d5eddc98266d96ee49be848fc74763a752a

Analysis

max time kernel
100s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

balamod-v0.1.11-windows.exe
Size

8.2MB
MD5

d194a51f786491f5fc0787209109abb0
SHA1

59c77ef1167f2bf8c4f9abcd7494cefb4a84f012
SHA256

9cf4cf3e844c661f665c7590ef7f2d5eddc98266d96ee49be848fc74763a752a
SHA512

2ca03242cb12f3743908a5d2e7f4e019bd2f50bc9c851b15e21d8ced6e711bad1761f7cf960a94b54073a63d9203f7edd7878f64ed86a81b59e2bc8f79ed3bc0
SSDEEP

98304:F2XuPw0YYLLvBV4yzQAaQLKMzYOZ4ZBZveDgUAgV0:ux0j4tQmMp4ZCu

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
528	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3660	mspaint.exe
3660	mspaint.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
528	vlc.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
528	vlc.exe
528	vlc.exe
528	vlc.exe
528	vlc.exe
528	vlc.exe
528	vlc.exe
528	vlc.exe
528	vlc.exe
528	vlc.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
528	vlc.exe
528	vlc.exe
528	vlc.exe
528	vlc.exe
528	vlc.exe
528	vlc.exe
528	vlc.exe
528	vlc.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3660	mspaint.exe
3660	mspaint.exe
3660	mspaint.exe
3660	mspaint.exe
528	vlc.exe

C:\Users\Admin\AppData\Local\Temp\balamod-v0.1.11-windows.exe
"C:\Users\Admin\AppData\Local\Temp\balamod-v0.1.11-windows.exe"
1⤵
PID:808

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\SplitRegister.dib"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3660

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1508

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ProtectUnlock.mov"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/528-9-0x00007FF6ED160000-0x00007FF6ED258000-memory.dmp

Filesize
992KB

Download
memory/528-10-0x00007FF993240000-0x00007FF993274000-memory.dmp

Filesize
208KB

Download
memory/528-11-0x00007FF97FAE0000-0x00007FF97FD94000-memory.dmp

Filesize
2.7MB

Download
memory/528-12-0x00007FF98F9C0000-0x00007FF98F9D8000-memory.dmp

Filesize
96KB

Download
memory/528-13-0x00007FF98F9A0000-0x00007FF98F9B7000-memory.dmp

Filesize
92KB

Download
memory/528-14-0x00007FF98F8B0000-0x00007FF98F8C1000-memory.dmp

Filesize
68KB

Download
memory/528-15-0x00007FF98F1D0000-0x00007FF98F1E7000-memory.dmp

Filesize
92KB

Download
memory/528-16-0x00007FF98F1B0000-0x00007FF98F1C1000-memory.dmp

Filesize
68KB

Download
memory/528-17-0x00007FF98F190000-0x00007FF98F1AD000-memory.dmp

Filesize
116KB

Download
memory/528-18-0x00007FF98EFF0000-0x00007FF98F001000-memory.dmp

Filesize
68KB

Download
memory/528-19-0x00007FF97F8E0000-0x00007FF97FAE0000-memory.dmp

Filesize
2.0MB

Download
memory/528-20-0x00007FF97E0B0000-0x00007FF97F15B000-memory.dmp

Filesize
16.7MB

Download
memory/528-22-0x00007FF98EE70000-0x00007FF98EE91000-memory.dmp

Filesize
132KB

Download
memory/528-21-0x00007FF98EFB0000-0x00007FF98EFEF000-memory.dmp

Filesize
252KB

Download
memory/528-23-0x00007FF98ECD0000-0x00007FF98ECE8000-memory.dmp

Filesize
96KB

Download
memory/528-24-0x00007FF98B5C0000-0x00007FF98B5D1000-memory.dmp

Filesize
68KB

Download
memory/528-25-0x00007FF98B5A0000-0x00007FF98B5B1000-memory.dmp

Filesize
68KB

Download
memory/528-26-0x00007FF986560000-0x00007FF986571000-memory.dmp

Filesize
68KB

Download
memory/528-27-0x00007FF986540000-0x00007FF98655B000-memory.dmp

Filesize
108KB

Download
memory/528-28-0x00007FF986520000-0x00007FF986531000-memory.dmp

Filesize
68KB

Download
memory/528-29-0x00007FF981280000-0x00007FF981298000-memory.dmp

Filesize
96KB

Download
memory/528-30-0x00007FF980EB0000-0x00007FF980EE0000-memory.dmp

Filesize
192KB

Download
memory/528-31-0x00007FF980E40000-0x00007FF980EA7000-memory.dmp

Filesize
412KB

Download
memory/528-32-0x00007FF980930000-0x00007FF98099F000-memory.dmp

Filesize
444KB

Download
memory/528-33-0x00007FF980E20000-0x00007FF980E31000-memory.dmp

Filesize
68KB

Download
memory/528-34-0x00007FF97F880000-0x00007FF97F8D6000-memory.dmp

Filesize
344KB

Download
memory/528-35-0x00007FF980900000-0x00007FF980928000-memory.dmp

Filesize
160KB

Download
memory/528-45-0x00007FF97F740000-0x00007FF97F76C000-memory.dmp

Filesize
176KB

Download
memory/528-44-0x00007FF97DF70000-0x00007FF97E0AB000-memory.dmp

Filesize
1.2MB

Download
memory/528-43-0x00007FF97F770000-0x00007FF97F782000-memory.dmp

Filesize
72KB

Download
memory/528-46-0x00007FF97DDB0000-0x00007FF97DF62000-memory.dmp

Filesize
1.7MB

Download
memory/528-42-0x00007FF97F790000-0x00007FF97F7A3000-memory.dmp

Filesize
76KB

Download
memory/528-47-0x00007FF97F6E0000-0x00007FF97F73C000-memory.dmp

Filesize
368KB

Download
memory/528-41-0x00007FF97F7B0000-0x00007FF97F7D1000-memory.dmp

Filesize
132KB

Download
memory/528-48-0x00007FF97F6C0000-0x00007FF97F6D1000-memory.dmp

Filesize
68KB

Download
memory/528-40-0x00007FF97F7E0000-0x00007FF97F7F2000-memory.dmp

Filesize
72KB

Download
memory/528-39-0x00007FF97F800000-0x00007FF97F811000-memory.dmp

Filesize
68KB

Download
memory/528-38-0x00007FF97F820000-0x00007FF97F843000-memory.dmp

Filesize
140KB

Download
memory/528-37-0x00007FF980E00000-0x00007FF980E17000-memory.dmp

Filesize
92KB

Download
memory/528-49-0x00007FF97DD10000-0x00007FF97DDA7000-memory.dmp

Filesize
604KB

Download
memory/528-36-0x00007FF97F850000-0x00007FF97F874000-memory.dmp

Filesize
144KB

Download
memory/528-50-0x00007FF97DCF0000-0x00007FF97DD02000-memory.dmp

Filesize
72KB

Download
memory/528-51-0x00007FF97DAB0000-0x00007FF97DCE1000-memory.dmp

Filesize
2.2MB

Download
memory/528-56-0x00007FF97D890000-0x00007FF97D8F1000-memory.dmp

Filesize
388KB

Download
memory/528-55-0x00007FF97D900000-0x00007FF97D911000-memory.dmp

Filesize
68KB

Download
memory/528-59-0x00007FF97D830000-0x00007FF97D843000-memory.dmp

Filesize
76KB

Download
memory/528-61-0x00007FF97D770000-0x00007FF97D781000-memory.dmp

Filesize
68KB

Download
memory/528-62-0x00007FF97D660000-0x00007FF97D762000-memory.dmp

Filesize
1.0MB

Download
memory/528-63-0x00007FF97D640000-0x00007FF97D651000-memory.dmp

Filesize
68KB

Download
memory/528-64-0x00007FF97D620000-0x00007FF97D631000-memory.dmp

Filesize
68KB

Download
memory/528-60-0x00007FF97D790000-0x00007FF97D82F000-memory.dmp

Filesize
636KB

Download
memory/528-65-0x00007FF97D600000-0x00007FF97D611000-memory.dmp

Filesize
68KB

Download
memory/528-66-0x00007FF97D5E0000-0x00007FF97D5F2000-memory.dmp

Filesize
72KB

Download
memory/528-67-0x00007FF97D5C0000-0x00007FF97D5D8000-memory.dmp

Filesize
96KB

Download
memory/528-57-0x00007FF97D870000-0x00007FF97D881000-memory.dmp

Filesize
68KB

Download
memory/528-58-0x00007FF97D850000-0x00007FF97D862000-memory.dmp

Filesize
72KB

Download
memory/528-54-0x00007FF97D920000-0x00007FF97D945000-memory.dmp

Filesize
148KB

Download
memory/528-53-0x00007FF97D950000-0x00007FF97D985000-memory.dmp

Filesize
212KB

Download
memory/528-52-0x00007FF97D990000-0x00007FF97DAA2000-memory.dmp

Filesize
1.1MB

Download
memory/528-71-0x00007FF97D530000-0x00007FF97D541000-memory.dmp

Filesize
68KB

Download
memory/528-70-0x00007FF97D550000-0x00007FF97D562000-memory.dmp

Filesize
72KB

Download
memory/528-69-0x00007FF97D570000-0x00007FF97D599000-memory.dmp

Filesize
164KB

Download
memory/528-68-0x00007FF97D5A0000-0x00007FF97D5B6000-memory.dmp

Filesize
88KB

Download
memory/808-0-0x00007FF7B8420000-0x00007FF7B8B54000-memory.dmp

Filesize
7.2MB

Download