bb1e00d04a43f4528ed73fc26a18de995fff208ed648bbfee1eedd81b4486e50

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d8f3af92ccd8d6d0a1118a4b79b4bb6.exe
Size

600KB
MD5

1d8f3af92ccd8d6d0a1118a4b79b4bb6
SHA1

fb2407f5ab6c18141d8244ab78a3d93b086b0b3a
SHA256

bb1e00d04a43f4528ed73fc26a18de995fff208ed648bbfee1eedd81b4486e50
SHA512

d01d2fdc20b8f74b133bbb0f5b1f2b43681adab766cd447da12bc78868e0d2ca6c9f449ac8e5d3af6b24256794798b35b9211b092e9068cfc7fdde7f24bd5dae
SSDEEP

12288:AOnoWBoOgkUo+5WJSOTcxIEGpzK6FSkFvTAeF0CxYgdbWzNs:AO7oOH+QhL5pzvMenYE2s

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2952	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2896	bbnb1.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\bbnb1.exe	1d8f3af92ccd8d6d0a1118a4b79b4bb6.exe
File opened for modification	C:\Windows\SysWOW64\bbnb1.exe	1d8f3af92ccd8d6d0a1118a4b79b4bb6.exe
File opened for modification	C:\Windows\SysWOW64\ieapfltr.dat	1d8f3af92ccd8d6d0a1118a4b79b4bb6.exe
File opened for modification	C:\Windows\SysWOW64\bbnb1.exe	bbnb1.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Delete.bat	1d8f3af92ccd8d6d0a1118a4b79b4bb6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2952	1912	1d8f3af92ccd8d6d0a1118a4b79b4bb6.exe	29
PID 1912 wrote to memory of 2952	1912	1d8f3af92ccd8d6d0a1118a4b79b4bb6.exe	29
PID 1912 wrote to memory of 2952	1912	1d8f3af92ccd8d6d0a1118a4b79b4bb6.exe	29
PID 1912 wrote to memory of 2952	1912	1d8f3af92ccd8d6d0a1118a4b79b4bb6.exe	29

C:\Users\Admin\AppData\Local\Temp\1d8f3af92ccd8d6d0a1118a4b79b4bb6.exe
"C:\Users\Admin\AppData\Local\Temp\1d8f3af92ccd8d6d0a1118a4b79b4bb6.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\Delete.bat
  2⤵
  - Deletes itself
  PID:2952

C:\Windows\SysWOW64\bbnb1.exe
C:\Windows\SysWOW64\bbnb1.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Delete.bat

Filesize
186B

MD5
59f23f71dc646fc096ef75830cc451d7

SHA1
220272125b2e0b3f4fd14c9e0176da1d8524e880

SHA256
30f499dad83e949b37b43f475afef07c9da842a870e1901860177e84e4777dfb

SHA512
dd4c605ecc3919ec6b934efb38b10d0d615c2fd864f0a94e2c6da8f8c013223b490db1782c20d597cb2964fb2035a9461c984e6923bc2516e8edcf047e9ec1a3

Download Submit
C:\Windows\SysWOW64\bbnb1.exe

Filesize
600KB

MD5
1d8f3af92ccd8d6d0a1118a4b79b4bb6

SHA1
fb2407f5ab6c18141d8244ab78a3d93b086b0b3a

SHA256
bb1e00d04a43f4528ed73fc26a18de995fff208ed648bbfee1eedd81b4486e50

SHA512
d01d2fdc20b8f74b133bbb0f5b1f2b43681adab766cd447da12bc78868e0d2ca6c9f449ac8e5d3af6b24256794798b35b9211b092e9068cfc7fdde7f24bd5dae

Download Submit
memory/1912-11-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download
memory/1912-4-0x0000000001D50000-0x0000000001D51000-memory.dmp

Filesize
4KB

Download
memory/1912-25-0x0000000003250000-0x0000000003251000-memory.dmp

Filesize
4KB

Download
memory/1912-29-0x0000000003150000-0x0000000003153000-memory.dmp

Filesize
12KB

Download
memory/1912-28-0x0000000003250000-0x0000000003251000-memory.dmp

Filesize
4KB

Download
memory/1912-27-0x0000000003250000-0x0000000003251000-memory.dmp

Filesize
4KB

Download
memory/1912-26-0x0000000003250000-0x0000000003251000-memory.dmp

Filesize
4KB

Download
memory/1912-24-0x0000000003250000-0x0000000003251000-memory.dmp

Filesize
4KB

Download
memory/1912-23-0x0000000003250000-0x0000000003251000-memory.dmp

Filesize
4KB

Download
memory/1912-22-0x0000000003250000-0x0000000003251000-memory.dmp

Filesize
4KB

Download
memory/1912-21-0x0000000003250000-0x0000000003251000-memory.dmp

Filesize
4KB

Download
memory/1912-20-0x0000000003250000-0x0000000003251000-memory.dmp

Filesize
4KB

Download
memory/1912-19-0x0000000003250000-0x0000000003251000-memory.dmp

Filesize
4KB

Download
memory/1912-18-0x0000000003150000-0x0000000003151000-memory.dmp

Filesize
4KB

Download
memory/1912-17-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download
memory/1912-16-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download
memory/1912-15-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download
memory/1912-14-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download
memory/1912-13-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download
memory/1912-12-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download
memory/1912-9-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download
memory/1912-0-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download
memory/1912-10-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download
memory/1912-8-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download
memory/1912-7-0x0000000001E20000-0x0000000001E21000-memory.dmp

Filesize
4KB

Download
memory/1912-6-0x0000000001DD0000-0x0000000001DD1000-memory.dmp

Filesize
4KB

Download
memory/1912-5-0x0000000001E00000-0x0000000001E01000-memory.dmp

Filesize
4KB

Download
memory/1912-3-0x0000000001D60000-0x0000000001D61000-memory.dmp

Filesize
4KB

Download
memory/1912-30-0x0000000003140000-0x0000000003146000-memory.dmp

Filesize
24KB

Download
memory/1912-35-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1912-36-0x0000000003170000-0x0000000003171000-memory.dmp

Filesize
4KB

Download
memory/1912-34-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/1912-33-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1912-32-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1912-31-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download
memory/1912-39-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/1912-2-0x0000000001DB0000-0x0000000001DB1000-memory.dmp

Filesize
4KB

Download
memory/1912-55-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download
memory/1912-56-0x0000000001CF0000-0x0000000001D4A000-memory.dmp

Filesize
360KB

Download
memory/1912-1-0x0000000001CF0000-0x0000000001D4A000-memory.dmp

Filesize
360KB

Download
memory/2896-45-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download
memory/2896-46-0x0000000000580000-0x00000000005DA000-memory.dmp

Filesize
360KB

Download
memory/2896-42-0x0000000000580000-0x00000000005DA000-memory.dmp

Filesize
360KB

Download
memory/2896-41-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads