9e2c4524abc6f5c620b2de69cd5a24a48ab42e6c9ee410bfdbdfd687ae27644f

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
04/11/2023, 09:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.ddb227563006ba19571fc9ec66ec8660_JC.exe
Size

37KB
MD5

ddb227563006ba19571fc9ec66ec8660
SHA1

bb518bce285e8fff8cfe50244ac6437c5626bdcd
SHA256

9e2c4524abc6f5c620b2de69cd5a24a48ab42e6c9ee410bfdbdfd687ae27644f
SHA512

e389e62c85f5bb59176e0b3ad8f147bcb4ca286e13d09bca7836cef7540ee128bdbe64998588b5de994fe8d470cba06067c7b2ef04452c61094437b96abfb8d1
SSDEEP

384:nM8QexhsOM6j1QP9Ky7c5/KA7ctLCX3r1aMvydya1bhQgvGRz2nHRTivL0O048:npBvj1Qx7c1UWLghnfGEnxTK8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2352	budha.exe

Loads dropped DLL 1 IoCs

pid	Process
2188	NEAS.ddb227563006ba19571fc9ec66ec8660_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2352	2188	NEAS.ddb227563006ba19571fc9ec66ec8660_JC.exe	29
PID 2188 wrote to memory of 2352	2188	NEAS.ddb227563006ba19571fc9ec66ec8660_JC.exe	29
PID 2188 wrote to memory of 2352	2188	NEAS.ddb227563006ba19571fc9ec66ec8660_JC.exe	29
PID 2188 wrote to memory of 2352	2188	NEAS.ddb227563006ba19571fc9ec66ec8660_JC.exe	29

C:\Users\Admin\AppData\Local\Temp\NEAS.ddb227563006ba19571fc9ec66ec8660_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.ddb227563006ba19571fc9ec66ec8660_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
37KB

MD5
f3f2e37552b93af2c387caec2ab58cc8

SHA1
14f2a84d2e01ce1d010e0115ce244685205ff5a1

SHA256
f380af615e7672718a890a7ce891432f47058c2ac7f2d94a02ad6e72780808ea

SHA512
6adcfe239538feb96f2f95b87a49d6109245b7bc80a543f5c263b0de427b5fa7510d158a85bad989731be7566daa45fbd07df1e1fba9700d0d5d5015aaf6509d

Download Submit
C:\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
37KB

MD5
f3f2e37552b93af2c387caec2ab58cc8

SHA1
14f2a84d2e01ce1d010e0115ce244685205ff5a1

SHA256
f380af615e7672718a890a7ce891432f47058c2ac7f2d94a02ad6e72780808ea

SHA512
6adcfe239538feb96f2f95b87a49d6109245b7bc80a543f5c263b0de427b5fa7510d158a85bad989731be7566daa45fbd07df1e1fba9700d0d5d5015aaf6509d

Download Submit
\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
37KB

MD5
f3f2e37552b93af2c387caec2ab58cc8

SHA1
14f2a84d2e01ce1d010e0115ce244685205ff5a1

SHA256
f380af615e7672718a890a7ce891432f47058c2ac7f2d94a02ad6e72780808ea

SHA512
6adcfe239538feb96f2f95b87a49d6109245b7bc80a543f5c263b0de427b5fa7510d158a85bad989731be7566daa45fbd07df1e1fba9700d0d5d5015aaf6509d

Download Submit
memory/2188-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2188-3-0x0000000001CA0000-0x0000000001CA7000-memory.dmp

Filesize
28KB

Download
memory/2188-2-0x0000000001DA0000-0x0000000001DA1000-memory.dmp

Filesize
4KB

Download
memory/2188-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2188-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2352-11-0x0000000001CA0000-0x0000000001CA7000-memory.dmp

Filesize
28KB

Download
memory/2352-12-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/2352-14-0x0000000000490000-0x0000000000497000-memory.dmp

Filesize
28KB

Download
memory/2352-15-0x0000000001CA0000-0x0000000001CA7000-memory.dmp

Filesize
28KB

Download
memory/2352-16-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2352-17-0x0000000000490000-0x0000000000497000-memory.dmp

Filesize
28KB

Download