Overview

overview

8

Static

static

8cbd435367...32.exe

windows7-x64

8

8cbd435367...32.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    48s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 23:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8cbd43536725c094427d2e2656b760bd3d412dc632de14436882bd359284c332.exe

  • Size

    19KB

  • MD5

    a13b833a94073a7f7dc25b7d3ac2d153

  • SHA1

    f2251d557f0bc4d93db6c1d9fea1a363405b42b3

  • SHA256

    8cbd43536725c094427d2e2656b760bd3d412dc632de14436882bd359284c332

  • SHA512

    8c9c94c2ee0fc8f12c11e31d0f626777de42918455a1ecc167d4aa64cd35cb60e748c96fcc4247325393c085f6256d9732a9b8bcb4bb510fb611bcd3eeb027dd

  • SSDEEP

    192:1YOmJ2dUYnt0ZVJVx+zXIKk21NMvPktX13S3o+Iq7wOH55Ia1e/hPEB9y2:Vt0Zz+EdtvsGL5YxQP

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8cbd43536725c094427d2e2656b760bd3d412dc632de14436882bd359284c332.exe
    "C:\Users\Admin\AppData\Local\Temp\8cbd43536725c094427d2e2656b760bd3d412dc632de14436882bd359284c332.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3108
    • C:\Users\Admin\AppData\Local\Temp\budha.exe
      "C:\Users\Admin\AppData\Local\Temp\budha.exe"
      2⤵
      • Executes dropped EXE
      PID:992

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\budha.exe
          Filesize

          19KB

          MD5

          eecc28753ef9662696578e3a19e8f1dc

          SHA1

          8764e5e22315c42e98984f0cad1909f0968e8a4f

          SHA256

          9cbe9017dc6de12b9329873533859e19d48827e52e53bf98964c011b121f2bee

          SHA512

          15bbfab16b9c6d1ab9f2fd381c59150e32c13c5c63b1e5b294b85dc90f4cb9815b7a6f0cba05602121f8303154138616f1fcde7e6a7a4dd8785973d494c2987b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\budha.exe
          Filesize

          19KB

          MD5

          eecc28753ef9662696578e3a19e8f1dc

          SHA1

          8764e5e22315c42e98984f0cad1909f0968e8a4f

          SHA256

          9cbe9017dc6de12b9329873533859e19d48827e52e53bf98964c011b121f2bee

          SHA512

          15bbfab16b9c6d1ab9f2fd381c59150e32c13c5c63b1e5b294b85dc90f4cb9815b7a6f0cba05602121f8303154138616f1fcde7e6a7a4dd8785973d494c2987b

          Download Submit

        • memory/992-138-0x0000000002450000-0x0000000002457000-memory.dmp

          Filesize

          28KB

          Download

        • memory/992-140-0x0000000002450000-0x0000000002457000-memory.dmp

          Filesize

          28KB

          Download

        • memory/992-139-0x0000000000410000-0x0000000000417000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3108-132-0x0000000000410000-0x0000000000417000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3108-133-0x0000000002490000-0x0000000002497000-memory.dmp

          Filesize

          28KB

          Download

        • memory/3108-137-0x0000000000410000-0x0000000000417000-memory.dmp

          Filesize

          28KB

          Download