Overview

overview

7

Static

static

3

Bypassr Installer.exe

windows7-x64

3

Bypassr Installer.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    784s
  • max time network
    418s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-07-2024 17:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bypassr Installer.exe

  • Size

    362KB

  • MD5

    0195416544f8bb3c4d0c912570ca4707

  • SHA1

    21908e5a76f03fdfdfe18e92bd697f81c2cc178b

  • SHA256

    6965e4ef1e20cd2b218d6f98095d62ff5d91e949ede64cc5fe2805a019a56ebb

  • SHA512

    6c56f8a3a158069c64090ed524acadb373b9ad5e39131957ea4c0ba898133528160139a59ab01e586392f044a13ed0f02908965ce99cfa1ac3822f7c8a0cac09

  • SSDEEP

    1536:1SxPYiFb09RiHl3UmO0CuTO+puYx9RDHl3UmO0Cz/wVcl:1980bKpUmO0rTO+TxbjpUmO0m/qY

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Drops file in Program Files directory 11 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bypassr Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Bypassr Installer.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:556
    • C:\Program Files (x86)\Bypassr\Bypassr.exe
      "C:\Program Files (x86)\Bypassr\Bypassr.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:1532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Bypassr\Bypassr.exe
    Filesize

    559KB

    MD5

    da8b923e85466c21c0b8be76703a528d

    SHA1

    4384f834bb9090e6c120bbea11cd43e68122183c

    SHA256

    947d978adafc61d84d1e3c770b189782a0f350356e0567f57aacf6e9f69edae9

    SHA512

    08694b306c93cfcd8843233f61bbe8d2b5629d4fcf38cc9405532185a91ed8bb23c51e2f56341cb367dc74c5b95d708997354e6fb704019d35ad48e6da2cbb23

    Download Submit

  • C:\Program Files (x86)\Bypassr\DiscordRPC.dll
    Filesize

    82KB

    MD5

    c6115a08c8e50dac0194fb98d3edc9d2

    SHA1

    903da7fb7ad47b7ad8eb5984ed54a865f6148744

    SHA256

    4dd4d48e0681604e3a7a72b6eae42173421d0b806b1af8fa03b45d9999978499

    SHA512

    3e43f721cf7b1ab28a4ff771b4186c70523eb2bd236063111593453c08dc8a7cf3fffd6a15af72502e8b800a35fbc7a7bd4ebb5b8f5f41796ee62a7a4a96c324

    Download Submit

  • C:\Program Files (x86)\Bypassr\Newtonsoft.Json.dll
    Filesize

    695KB

    MD5

    195ffb7167db3219b217c4fd439eedd6

    SHA1

    1e76e6099570ede620b76ed47cf8d03a936d49f8

    SHA256

    e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

    SHA512

    56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

    Download Submit

  • C:\Program Files (x86)\Bypassr\SwearList.txt
    Filesize

    2KB

    MD5

    74d557f68ee1e6b3fcd8929293ebf368

    SHA1

    ee16a408676677b37e9fbd69eec4c3eae0c56400

    SHA256

    cf98b59cb7d0b351d230568f16ef0f8d302be16ace222e1c87defe1f0fcb81df

    SHA512

    3322de6c4db23a14c2f5cfd5f47987a7c78c708c0d1e3723a2d8cd5fe44ab339b9107b15d93f8ac0dcd62ad87e34182c0d0c33b33b7beb65a18c5b128299337b

    Download Submit

  • memory/556-6-0x0000000074EE0000-0x0000000075690000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/556-5-0x0000000074EE0000-0x0000000075690000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/556-0-0x0000000074EEE000-0x0000000074EEF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/556-8-0x0000000008F10000-0x0000000008F1A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/556-9-0x0000000008F40000-0x0000000008F52000-memory.dmp

    Filesize

    72KB

    Download

  • memory/556-4-0x0000000004D20000-0x0000000004D2A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/556-1-0x0000000000260000-0x00000000002C0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/556-2-0x0000000005320000-0x00000000058C4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/556-35-0x0000000074EE0000-0x0000000075690000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/556-3-0x0000000004C60000-0x0000000004CF2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1532-40-0x0000000005040000-0x000000000505A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1532-39-0x0000000005020000-0x000000000503A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1532-41-0x0000000074EE0000-0x0000000075690000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1532-42-0x0000000074EE0000-0x0000000075690000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1532-34-0x0000000000840000-0x00000000008D2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1532-33-0x0000000074EE0000-0x0000000075690000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1532-47-0x0000000008560000-0x0000000008612000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1532-48-0x0000000074EE0000-0x0000000075690000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1532-49-0x0000000074EE0000-0x0000000075690000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1532-50-0x0000000074EE0000-0x0000000075690000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1532-51-0x0000000074EE0000-0x0000000075690000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1532-52-0x0000000074EE0000-0x0000000075690000-memory.dmp

    Filesize

    7.7MB

    Download