Overview

overview

10

Static

static

3

fa84aaca64...24.exe

windows7-x64

10

fa84aaca64...24.exe

windows10-2004-x64

10

$PLUGINSDI...og.dll

windows7-x64

3

$PLUGINSDI...og.dll

windows10-2004-x64

3

0/Setup.exe

windows7-x64

3

0/Setup.exe

windows10-2004-x64

3

039F3.dll

windows7-x64

1

039F3.dll

windows10-2004-x64

1

039F4.js

windows7-x64

3

039F4.js

windows10-2004-x64

3

1/333.exe

windows7-x64

3

1/333.exe

windows10-2004-x64

3

2/babka.cmd

windows7-x64

6

2/babka.cmd

windows10-2004-x64

6

Ionic.Zip.dll

windows7-x64

1

Ionic.Zip.dll

windows10-2004-x64

1

SibClr.dll

windows7-x64

3

SibClr.dll

windows10-2004-x64

3

Sibjs.exe

windows7-x64

3

Sibjs.exe

windows10-2004-x64

3

Sibuia.exe

windows7-x64

3

Sibuia.exe

windows10-2004-x64

3

Zip.dll

windows7-x64

1

Zip.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    28-01-2025 13:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2/babka.cmd

  • Size

    277B

  • MD5

    7b3f261fb057fce0cb6233bd5258f829

  • SHA1

    d8b9075eaea96e7c5444cd3a209c78bd8bcd4e38

  • SHA256

    70fc159c1040f7da1beaba2ca98004babbd2ae7e2957d7c0c2aa67ebc43a1457

  • SHA512

    06401741072a5f0e41ea37523925b04af9fb2710f559b21eaba3a449a929d86028dfa6750d67744940bdcfb838e20fcb7210239a67d9f8c6ad09f4d0ed73d2be

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\2\babka.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Windows\system32\reg.exe
      REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "FutureApp" /t REG_SZ /F /D "C:\ProgramData\FutureApp\FutureApp.exe"
      2⤵
      • Adds Run key to start application
      PID:2260
    • C:\Windows\system32\reg.exe
      REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "FutureApp" /t REG_SZ /F /D "C:\ProgramData\FutureApp\FutureApp.exe"
      2⤵
      • Adds Run key to start application
      PID:2892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads