4235e8f9811f219eca36bbfd01be2bf6d16e1e51d9ddec8dfdcc970a5a8b2c17

Analysis

max time kernel
151s
max time network
157s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab4bf63317dc6783e479da430b4b09a1.exe
Size

8KB
MD5

ab4bf63317dc6783e479da430b4b09a1
SHA1

4ca41fcd6d0130c6955ca448476dce6d975cafcc
SHA256

4235e8f9811f219eca36bbfd01be2bf6d16e1e51d9ddec8dfdcc970a5a8b2c17
SHA512

b70dbd080bd85aeeca030a839e0d7f6488cf59d40dd464c3bb958e4a627516cbb809a1f7023307f009ed5e88c16b4a2efad426c7e01e0dcd22282ad45fab1929
SSDEEP

96:fNJEEvtcUF7xAnQWRIUZ2CmKv5PF2wGkGzCHl6iCLkaqWaACikWka7KNKgnkWkX:XEYWQWRIgSU5PenzCHlXGYWaAFgE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2756	budha.exe

Loads dropped DLL 2 IoCs

pid	Process
2348	ab4bf63317dc6783e479da430b4b09a1.exe
2348	ab4bf63317dc6783e479da430b4b09a1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2756	2348	ab4bf63317dc6783e479da430b4b09a1.exe	28
PID 2348 wrote to memory of 2756	2348	ab4bf63317dc6783e479da430b4b09a1.exe	28
PID 2348 wrote to memory of 2756	2348	ab4bf63317dc6783e479da430b4b09a1.exe	28
PID 2348 wrote to memory of 2756	2348	ab4bf63317dc6783e479da430b4b09a1.exe	28

C:\Users\Admin\AppData\Local\Temp\ab4bf63317dc6783e479da430b4b09a1.exe
"C:\Users\Admin\AppData\Local\Temp\ab4bf63317dc6783e479da430b4b09a1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
8KB

MD5
ebb7d004d486bcc79fd4c721dc6283dd

SHA1
5ba9d47c0a7279a82091df81892fbd817350a865

SHA256
d0f220cbea95e3d82cbac1ee7bbe696f803738e3a84c720ebc179da2b66cdc61

SHA512
51fc180fc4e28707589f113461e19b035de94bb318c1b96d6c20d69dba8dcb43508271973e26027a5ae5cf767a3d9c93677aa3f644a62fbfa0c11cda7607f210

Download Submit