78c3fde111eccac4b392a50d24469dbae288e711a6b0c38e80d9fe9dd31559d9

Analysis

max time kernel
118s
max time network
139s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
05-11-2023 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.6eb4c5bdb30d105853ddd16326786290.exe
Size

20KB
MD5

6eb4c5bdb30d105853ddd16326786290
SHA1

93f7ca33f2420afa60be56e1af37b07c701ef2fe
SHA256

78c3fde111eccac4b392a50d24469dbae288e711a6b0c38e80d9fe9dd31559d9
SHA512

b3f8678e491c7b8546376af7871c8bcdaeaa9e27dfbd0f028d9b012d2c466b7b6909e03789c897d3224bd9acad7397b4475052f7dabad49d99d535cd116222de
SSDEEP

384:iTjB4f0y4lSqCHHffYZ5SKNOI5pbzCZYCKdKj+RtdFuO3:Q406H/0PbzCdj+Rtm+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2104	budha.exe

Loads dropped DLL 2 IoCs

pid	Process
2824	NEAS.6eb4c5bdb30d105853ddd16326786290.exe
2824	NEAS.6eb4c5bdb30d105853ddd16326786290.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2104	2824	NEAS.6eb4c5bdb30d105853ddd16326786290.exe	27
PID 2824 wrote to memory of 2104	2824	NEAS.6eb4c5bdb30d105853ddd16326786290.exe	27
PID 2824 wrote to memory of 2104	2824	NEAS.6eb4c5bdb30d105853ddd16326786290.exe	27
PID 2824 wrote to memory of 2104	2824	NEAS.6eb4c5bdb30d105853ddd16326786290.exe	27

C:\Users\Admin\AppData\Local\Temp\NEAS.6eb4c5bdb30d105853ddd16326786290.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.6eb4c5bdb30d105853ddd16326786290.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
20KB

MD5
1976b68e808be89e7e819f075b91fdf3

SHA1
d9d43b2a499851691cabd667900d0e38bf88a9f2

SHA256
5a0eaf2273896140fa30d65093543123caa7991ef319c6fb7bc12c146967e8ac

SHA512
be74dd167a8234b44fab9827b691eb9a415247ee72f9bafb5461cd29a787ea49e7db7307e4a1593501e59dfb721439bb63043354bd7242e21d688b4ef09f9579

Download Submit
C:\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
20KB

MD5
1976b68e808be89e7e819f075b91fdf3

SHA1
d9d43b2a499851691cabd667900d0e38bf88a9f2

SHA256
5a0eaf2273896140fa30d65093543123caa7991ef319c6fb7bc12c146967e8ac

SHA512
be74dd167a8234b44fab9827b691eb9a415247ee72f9bafb5461cd29a787ea49e7db7307e4a1593501e59dfb721439bb63043354bd7242e21d688b4ef09f9579

Download Submit
C:\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
20KB

MD5
1976b68e808be89e7e819f075b91fdf3

SHA1
d9d43b2a499851691cabd667900d0e38bf88a9f2

SHA256
5a0eaf2273896140fa30d65093543123caa7991ef319c6fb7bc12c146967e8ac

SHA512
be74dd167a8234b44fab9827b691eb9a415247ee72f9bafb5461cd29a787ea49e7db7307e4a1593501e59dfb721439bb63043354bd7242e21d688b4ef09f9579

Download Submit
\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
20KB

MD5
1976b68e808be89e7e819f075b91fdf3

SHA1
d9d43b2a499851691cabd667900d0e38bf88a9f2

SHA256
5a0eaf2273896140fa30d65093543123caa7991ef319c6fb7bc12c146967e8ac

SHA512
be74dd167a8234b44fab9827b691eb9a415247ee72f9bafb5461cd29a787ea49e7db7307e4a1593501e59dfb721439bb63043354bd7242e21d688b4ef09f9579

Download Submit
\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
20KB

MD5
1976b68e808be89e7e819f075b91fdf3

SHA1
d9d43b2a499851691cabd667900d0e38bf88a9f2

SHA256
5a0eaf2273896140fa30d65093543123caa7991ef319c6fb7bc12c146967e8ac

SHA512
be74dd167a8234b44fab9827b691eb9a415247ee72f9bafb5461cd29a787ea49e7db7307e4a1593501e59dfb721439bb63043354bd7242e21d688b4ef09f9579

Download Submit