Analysis
- max time kernel: 146s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/10/2024, 21:18
Static task: static1

Behavioral tasks (sample, resource):
- behavioral1: BlackBullet2.exe (win7-20240903-en)
- behavioral2: BlackBullet2.exe (win10v2004-20241007-en)
- behavioral3: Data/BB2.exe (win7-20241010-en)
- behavioral4: Data/BB2.exe (win10v2004-20241007-en)
- behavioral5: Data/BlackBullet2.exe (win7-20240903-en)
- behavioral6: Data/BlackBullet2.exe (win10v2004-20241007-en)
- behavioral7: Data/Documentation/OLD USER GUIDE (1.1.5).pdf (win7-20241010-en)
- behavioral8: Data/Documentation/OLD USER GUIDE (1.1.5).pdf (win10v2004-20241007-en)
- behavioral9: Data/Documentation/SELENIUM CONFIGS HANDBOOK.pdf (win7-20240903-en)
- behavioral10: Data/Documentation/SELENIUM CONFIGS HANDBOOK.pdf (win10v2004-20241007-en)
- behavioral11: Data/DotNetZip.dll (win7-20240708-en)
- behavioral12: Data/DotNetZip.dll (win10v2004-20241007-en)
- behavioral13: Data/bin/AngleSharp.dll (win7-20241023-en)
- behavioral14: Data/bin/AngleSharp.dll (win10v2004-20241007-en)
- behavioral15: Data/bin/AntiCaptchaLibrary.dll (win7-20240903-en)
- behavioral16: Data/bin/AntiCaptchaLibrary.dll (win10v2004-20241007-en)
- behavioral17: Data/bin/DeCaptcherLibrary.dll (win7-20240903-en)
- behavioral18: Data/bin/DeCaptcherLibrary.dll (win10v2004-20241007-en)
- behavioral19: Data/bin/DeathByCaptcha.dll (win7-20241010-en)
- behavioral20: Data/bin/DeathByCaptcha.dll (win10v2004-20241007-en)
- behavioral21: Data/bin/Extreme.Net.dll (win7-20240903-en)
- behavioral22: Data/bin/Extreme.Net.dll (win10v2004-20241007-en)
- behavioral23: Data/bin/ICSharpCode.AvalonEdit.dll (win7-20241023-en)
- behavioral24: Data/bin/ICSharpCode.AvalonEdit.dll (win10v2004-20241007-en)
- behavioral25: Data/bin/ImageTypers.dll (win7-20240903-en)
- behavioral26: Data/bin/ImageTypers.dll (win10v2004-20241007-en)
- behavioral27: Data/bin/IronPython.Modules.dll (win7-20241010-en)
- behavioral28: Data/bin/IronPython.Modules.dll (win10v2004-20241007-en)
- behavioral29: Data/bin/IronPython.SQLite.dll (win7-20241010-en)
- behavioral30: Data/bin/IronPython.SQLite.dll (win10v2004-20241007-en)
- behavioral31: Data/bin/IronPython.Wpf.dll (win7-20240708-en)
- behavioral32: Data/bin/IronPython.Wpf.dll (win10v2004-20241007-en)
General
- Target: Data/BB2.exe
- Size: 247KB
- MD5: 0f71306382369d8d08598bee5403bcb5
- SHA1: b4530c2d598c9d48d18e53cb26b87a07ab4108a1
- SHA256: dc0f37fdd2414feba7fc57d18fe8407cb4d891e139a462f75758ef97f61694cd
- SHA512: 07644af616316c155ae20220aafe83d2a6b911d73f9af7bd3a3ffbe8a4517d0cb5c41bbbca32d5d0e0772ad54bdeed44705e1c903af450724dccfb4e2f3e7fc5
- SSDEEP: 1536:f7f9h0UPJP/CpICdikMLMLv5PFNg1qrX+VIOlnToIfPgIxYnPf8O9:TliUPXC8k1nJrX+fNTBf7i9
Malware Config

Signatures
- Detect ZGRat V2 (1 IoC)
  resource / yara_rule: behavioral4/memory/2936-9-0x0000000000400000-0x00000000008FA000-memory.dmp (family_zgrat_v2)
- Zgrat family
- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up country code configured in the registry, likely geofence.
  Key value queried: \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation (process BB2.exe)
- Loads dropped DLL (12 IoCs)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process BB2.exe)
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process BlackBullet2.exe)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process: 432 msedge.exe, 432 msedge.exe, 2460 msedge.exe, 2460 msedge.exe, 2056 identity_helper.exe, 2056 identity_helper.exe, 6100 msedge.exe, 6100 msedge.exe, 6100 msedge.exe, 6100 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid / Process: 2460 msedge.exe, 2460 msedge.exe, 2460 msedge.exe, 2460 msedge.exe, 2460 msedge.exe, 2460 msedge.exe, 2460 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Users\Admin\AppData\Local\Temp\Data\BB2.exe (level 1, PID 3956)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Data\BB2.exe"
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe (level 2, PID 2948)
    Command line: "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8C52.tmp\8C53.tmp\8C54.bat C:\Users\Admin\AppData\Local\Temp\Data\BB2.exe"
    - Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 3, PID 2460)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://crackingparadox.com/
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4, PID 5024)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb5be246f8,0x7ffb5be24708,0x7ffb5be24718
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4, PID 1180)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6668872463115208328,9545035135951087509,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4, PID 432)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6668872463115208328,9545035135951087509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4, PID 2884)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,6668872463115208328,9545035135951087509,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4, PID 4840)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6668872463115208328,9545035135951087509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4, PID 3804)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6668872463115208328,9545035135951087509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4, PID 2640)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6668872463115208328,9545035135951087509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (level 4, PID 3692)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6668872463115208328,9545035135951087509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (level 4, PID 2056)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6668872463115208328,9545035135951087509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4, PID 1900)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6668872463115208328,9545035135951087509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4, PID 1376)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6668872463115208328,9545035135951087509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4, PID 3600)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6668872463115208328,9545035135951087509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4, PID 4064)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6668872463115208328,9545035135951087509,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4, PID 6100)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6668872463115208328,9545035135951087509,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
        - Suspicious behavior: EnumeratesProcesses
    - C:\Users\Admin\AppData\Local\Temp\Data\BlackBullet2.exe (level 3, PID 2936)
      Command line: BlackBullet2.exe FL
      - Loads dropped DLL
      - System Location Discovery: System Language Discovery
- C:\Windows\System32\CompPkgSrv.exe (level 1, PID 544)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (level 1, PID 4828)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
MITRE ATT&CK Enterprise v15
Downloads