babadeda | 750c447d6e3c7d74ccab736a0082ef437b1cd2000d761d3aff2b73227457b29c | Triage

Analysis

max time kernel
121s
max time network
138s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 11:54

Sharing

Report Analysis Logs

General

Target

wxwidgetsforms2.dll
Size

2.0MB
MD5

9e11ac70407744bea597411f505d16b8
SHA1

90fddf31c2def7b655742a0f98181ee47b2835c8
SHA256

69977ef94e7abde5e40ebb1b2d639e3ae396c831a0b8671bdcd141f5f101a344
SHA512

fb68fa59897d95d1a909fcb32876efcc53880fbb804ad3ebbc97fbd4eee0cf4364f43517e92245754975a1c00ecca032b06efa03791d7179f1eb6d08620cde64
SSDEEP

49152:qjvkBzUXDVXBAUZLYa2WhKuoGaX0nCTETl:ovkBgXJBAUZLf

Score

10^/10

babadeda crypter loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 2 IoCs

resource	yara_rule
behavioral20/memory/2872-0-0x0000000002780000-0x0000000004880000-memory.dmp	family_babadeda
behavioral20/memory/2872-8-0x0000000002780000-0x0000000004880000-memory.dmp	family_babadeda

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2872	2324	rundll32.exe	28
PID 2324 wrote to memory of 2872	2324	rundll32.exe	28
PID 2324 wrote to memory of 2872	2324	rundll32.exe	28
PID 2324 wrote to memory of 2872	2324	rundll32.exe	28
PID 2324 wrote to memory of 2872	2324	rundll32.exe	28
PID 2324 wrote to memory of 2872	2324	rundll32.exe	28
PID 2324 wrote to memory of 2872	2324	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\wxwidgetsforms2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\wxwidgetsforms2.dll,#1
  2⤵
  PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2872-0-0x0000000002780000-0x0000000004880000-memory.dmp

Filesize
33.0MB

Download
memory/2872-7-0x00000000001F0000-0x00000000001FE000-memory.dmp

Filesize
56KB

Download
memory/2872-8-0x0000000002780000-0x0000000004880000-memory.dmp

Filesize
33.0MB

Download