cdddb70fc2836d52d8fe97b8bf301ffb9386ca7fe611b5a4b8bc055f9d344cc1

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

byebyefronbypass.exe
Size

17.9MB
MD5

b5128526be8a6b02a0ea3dcb4bef1478
SHA1

18ebaf313817a11509c88b56c21fee3153d2355b
SHA256

cdddb70fc2836d52d8fe97b8bf301ffb9386ca7fe611b5a4b8bc055f9d344cc1
SHA512

05b68778d5c33c6e2b1109d6886a1e859ed8430a7b3a5a7e7c9fe3cfd6699a5b48505502097e61aad9f4b4def7c8b1c2f6ce94cc2cc5ace6be13a22e2520592f
SSDEEP

393216:/PuxYjFHQAmcWBfVuQaFMR8D7fwveOn92/wnMU+j5QzFeY:/Pux6F2Bf5aFMR8DoewQW650F

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2916	incognito.exe

Loads dropped DLL 2 IoCs

pid	Process
2032	byebyefronbypass.exe
2916	incognito.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2916	2032	byebyefronbypass.exe	29
PID 2032 wrote to memory of 2916	2032	byebyefronbypass.exe	29
PID 2032 wrote to memory of 2916	2032	byebyefronbypass.exe	29

C:\Users\Admin\AppData\Local\Temp\byebyefronbypass.exe
"C:\Users\Admin\AppData\Local\Temp\byebyefronbypass.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Users\Admin\AppData\Local\Temp\onefile_2032_133610890624894000\incognito.exe
  "C:\Users\Admin\AppData\Local\Temp\byebyefronbypass.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2032_133610890624894000\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2032_133610890624894000\incognito.exe

Filesize
30.3MB

MD5
46191afb95c6fa94819ad41a7e8db3d1

SHA1
0a09f7aa968622bb82466fd9ed6d690d601eb620

SHA256
8c22daf73e7b7ab73575bd24761720c0e6c8a7e653805c025a7b01cfd04aa9ad

SHA512
f6b97a30ffe0219a8d1c261d3c5a61a54500525d1fd09ffad759ca26b83cd2975c794662db841b43bf519a80324ba4d3021e866a0eb7ce394b3cedf2d20cefb8

Download Submit