135f627830fa0952761e5d279e5ab8a6f30bfe9b41150f3ebdf7210f3fc85f62

Analysis

max time kernel
27s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05-07-2023 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

135f627830fa0952761e5d279e5ab8a6f30bfe9b41150f3ebdf7210f3fc85f62.exe
Size

28KB
MD5

4bf25f1f9269220369bfafb8d14a6dc9
SHA1

943f42f3c0b90b13d44e6b53d18c482e7529254a
SHA256

135f627830fa0952761e5d279e5ab8a6f30bfe9b41150f3ebdf7210f3fc85f62
SHA512

3aa4fec06d38759ebeb8ea9cafe8bfb00dd27dce284c69f2d8e9420ad7ff82f024355d3ce3dea2ae1516181e5f0abd8104ecefe170ce3ab46f48fdaeb305dd86
SSDEEP

384:nWzwZcuieV9yzK1/50F+xR3VcNmP15jiII39lpZ7/E/yUq:W9eVPiaow1GfpZLUq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
364	budha.exe

Loads dropped DLL 1 IoCs

pid	Process
2284	135f627830fa0952761e5d279e5ab8a6f30bfe9b41150f3ebdf7210f3fc85f62.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 364	2284	135f627830fa0952761e5d279e5ab8a6f30bfe9b41150f3ebdf7210f3fc85f62.exe	28
PID 2284 wrote to memory of 364	2284	135f627830fa0952761e5d279e5ab8a6f30bfe9b41150f3ebdf7210f3fc85f62.exe	28
PID 2284 wrote to memory of 364	2284	135f627830fa0952761e5d279e5ab8a6f30bfe9b41150f3ebdf7210f3fc85f62.exe	28
PID 2284 wrote to memory of 364	2284	135f627830fa0952761e5d279e5ab8a6f30bfe9b41150f3ebdf7210f3fc85f62.exe	28

C:\Users\Admin\AppData\Local\Temp\135f627830fa0952761e5d279e5ab8a6f30bfe9b41150f3ebdf7210f3fc85f62.exe
"C:\Users\Admin\AppData\Local\Temp\135f627830fa0952761e5d279e5ab8a6f30bfe9b41150f3ebdf7210f3fc85f62.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:364

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
29KB

MD5
1844aa791baedec602f7bf7e1fcc3025

SHA1
784f853c778f641f4433f7e7a37b1a689f36febd

SHA256
8448af5e89fe20c87c840860460722aa38297ef5cd0eec185e483aa837094d0d

SHA512
18beb01bbd463858fcb928bafe0c8eaaf02026dae6e20605470c6c8efa891da62caeb78a4dfc8faafeb8f5ff0c938b3e16c43ffdd53f3ca5bdd85b0c2e974a3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
29KB

MD5
1844aa791baedec602f7bf7e1fcc3025

SHA1
784f853c778f641f4433f7e7a37b1a689f36febd

SHA256
8448af5e89fe20c87c840860460722aa38297ef5cd0eec185e483aa837094d0d

SHA512
18beb01bbd463858fcb928bafe0c8eaaf02026dae6e20605470c6c8efa891da62caeb78a4dfc8faafeb8f5ff0c938b3e16c43ffdd53f3ca5bdd85b0c2e974a3f

Download Submit
\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
29KB

MD5
1844aa791baedec602f7bf7e1fcc3025

SHA1
784f853c778f641f4433f7e7a37b1a689f36febd

SHA256
8448af5e89fe20c87c840860460722aa38297ef5cd0eec185e483aa837094d0d

SHA512
18beb01bbd463858fcb928bafe0c8eaaf02026dae6e20605470c6c8efa891da62caeb78a4dfc8faafeb8f5ff0c938b3e16c43ffdd53f3ca5bdd85b0c2e974a3f

Download Submit
memory/364-62-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/364-63-0x0000000000420000-0x0000000000427000-memory.dmp

Filesize
28KB

Download
memory/2284-60-0x00000000004D0000-0x00000000004D7000-memory.dmp

Filesize
28KB

Download