1934087948e7c56954803942c7d347d6ab49b806c24e49e800c462a79c37283a

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06/08/2024, 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BACeye.exe
Size

6.6MB
MD5

38ce82a78c215232f7980d7ff88b8705
SHA1

c04adca32f07d922b8a83fd7d5b3b2f6d4bdf936
SHA256

762a912b3b96762c92c80d30c879cd6688c921aca3c00a964cd2cfd699e1eabb
SHA512

e99965458dc1bf48f4348fde24825a5d3269b143a190bd965ab56181fa6826c8247e550dd8834198eceb29813034a4b73277ea7699c1f5bef07a45c14ec3b556
SSDEEP

49152:RDyO9PuUsfWky2iOxCqxKD+yUKn+3NWC8+gjMNaZz4s821LvsAD56Aor32T8Y/+u:dPuUDNOxCqxKD+34yaZz4sR9

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BACeye.exe

C:\Users\Admin\AppData\Local\Temp\BACeye.exe
"C:\Users\Admin\AppData\Local\Temp\BACeye.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BACeyeProject_638585296576200000.tmp

Filesize
6KB

MD5
c1d7d55d9f6f44129edfd935f3b53304

SHA1
27c2319482cfe88d2ee11902a60be22946caab2f

SHA256
33cfd4ea73c5af0909412a500466f3e1f7ec1db34de6c7f051539aa192ca8d19

SHA512
658e4f017d0d4b79a50552e02e2da13c1531e635000555d5a47d71a04467ef451d7c7cd2e0c4a90251f7216e352cc0e15bc3e2085075824ea0fdaa5806f071b8

Download Submit
memory/2648-8-0x0000000006550000-0x000000000664C000-memory.dmp

Filesize
1008KB

Download
memory/2648-2-0x00000000748E0000-0x0000000074FCE000-memory.dmp

Filesize
6.9MB

Download
memory/2648-5-0x0000000004810000-0x0000000004838000-memory.dmp

Filesize
160KB

Download
memory/2648-7-0x00000000010A0000-0x00000000010AA000-memory.dmp

Filesize
40KB

Download
memory/2648-6-0x00000000010A0000-0x00000000010AA000-memory.dmp

Filesize
40KB

Download
memory/2648-0-0x00000000748EE000-0x00000000748EF000-memory.dmp

Filesize
4KB

Download
memory/2648-1-0x0000000000860000-0x0000000000EFA000-memory.dmp

Filesize
6.6MB

Download
memory/2648-16-0x00000000748E0000-0x0000000074FCE000-memory.dmp

Filesize
6.9MB

Download
memory/2648-17-0x00000000748EE000-0x00000000748EF000-memory.dmp

Filesize
4KB

Download
memory/2648-18-0x00000000748E0000-0x0000000074FCE000-memory.dmp

Filesize
6.9MB

Download
memory/2648-19-0x00000000010A0000-0x00000000010AA000-memory.dmp

Filesize
40KB

Download
memory/2648-20-0x00000000748E0000-0x0000000074FCE000-memory.dmp

Filesize
6.9MB

Download