Analysis
-
max time kernel
0s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
31-12-2023 02:19
General
-
Target
2447a1337a8d6e0d719786edf65fdc23.exe
-
Size
25KB
-
MD5
2447a1337a8d6e0d719786edf65fdc23
-
SHA1
41d4045603fdb598ac970ec8055c965aa364474e
-
SHA256
1b9057b53c2b1b180c0abd95168f828e672e7bf19bb8aa447b2e521affdc6835
-
SHA512
374c8929ccdcd3d665e16f5a77fae15aa6f9f248175b780fd7d6e9f44b8dc70be2bc8c92dc3593f7543761b7fc86d183ce7c0b6c82c9b12c11a6fe24f5222e2b
-
SSDEEP
384:/QaQWRIgS3Wvr+DipTy08EqgBq+MmOjso7D4bHIin+5ama72o9CldVqG:/fhR+SEipTyC3Bq+MFhC+5amI2NvwG
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2447a1337a8d6e0d719786edf65fdc23.exe"C:\Users\Admin\AppData\Local\Temp\2447a1337a8d6e0d719786edf65fdc23.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\budha.exe"C:\Users\Admin\AppData\Local\Temp\budha.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
25KB
MD570d94b65e8db0e8b8c3ff9ad2cb162c4
SHA168a0bcb9be5038e375e33ce699a6fb3cbe66e991
SHA256d58cf1520b7a344e3c7c28c56485000da566dd03e173d2ad5f74a910583fc64f
SHA5129b4e33a76e1d2d4443d499472cfa53b8cd92897e2abb9aae526a8c3c8fcf2fd61b17f27eeab22c6cd4c137e96284133af7d333d6fb84ec98970127480fcd8659