Resubmissions

03-09-2024 03:25

240903-dy1nxswbpl 10

Analysis

  • max time kernel
    35s
  • max time network
    37s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    03-09-2024 03:25

General

  • Target

    BBA Launcher.exe

  • Size

    168.1MB

  • MD5

    69ba8c5f1933cbd68f4a53b3633d6ad4

  • SHA1

    743128ea353a60d1db06eeacec9f4c38f9a78d73

  • SHA256

    963c4e4a24bcb04da89c66c8b4c63469c7806556a48125ce5d17491f233c6c4f

  • SHA512

    b37aa402fc099192f14c9fdf06a0d91014897ee8e499443305295edb5472faf932714fff0bfaf5e5de8265dd87ec3297609c91a5509ab1f96fa8ef6cb8e68f6b

  • SSDEEP

    1572864:+QqT4eFUirK1e2zSQ5Rcw/N5cae/bHhrPdacyodvcPSBoHESUlyAzl/:4BKRcAMyAzB

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1004
    • C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
      "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1576 --field-trial-handle=1596,i,9514405159514410199,17533984610999548344,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
      2⤵
        PID:4660
      • C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
        "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --mojo-platform-channel-handle=2500 --field-trial-handle=1596,i,9514405159514410199,17533984610999548344,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
        2⤵
          PID:2124
        • C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
          "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2732 --field-trial-handle=1596,i,9514405159514410199,17533984610999548344,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
          2⤵
          • Checks computer location settings
          PID:2184
        • C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
          "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1596,i,9514405159514410199,17533984610999548344,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
          2⤵
          • Checks computer location settings
          PID:656
        • C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
          "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --mojo-platform-channel-handle=3128 --field-trial-handle=1596,i,9514405159514410199,17533984610999548344,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
          2⤵
            PID:3620
          • C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
            "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3304 --field-trial-handle=1596,i,9514405159514410199,17533984610999548344,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
            2⤵
            • Checks computer location settings
            PID:920
          • C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
            "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3500 --field-trial-handle=1596,i,9514405159514410199,17533984610999548344,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
            2⤵
            • Checks computer location settings
            PID:3520
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3d0
    1⤵
    PID:1092

Network

MITRE ATT&CK Enterprise v15

Downloads
