Analysis
-
max time kernel
134s -
max time network
161s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
31/12/2023, 06:54
General
-
Target
2c5c84ab98d7a7f0c508cffa1e2394a5.exe
-
Size
15KB
-
MD5
2c5c84ab98d7a7f0c508cffa1e2394a5
-
SHA1
ba36a6c8cd086b764598dbddcec2123b949c46a6
-
SHA256
3fc81de02941c36b47e5532875998cc49803683679f78f61718d003173d69ab6
-
SHA512
d66a15c7b2391fb25f2f76562bbff78ddc72280509e229d880a41495177a66a5d4857eb94bb7d7ff85510bc499dc61cd18f23452c3c56d451dae177c2cdc2eec
-
SSDEEP
192:uxqO9CQWRIgiZKJ6yEqlpmyfC9igTsboMlQ2G92n44l2R5JBblrIRWFdGWr:ux0QWRIgOytfSVE44ls9l9FdGw
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2c5c84ab98d7a7f0c508cffa1e2394a5.exe"C:\Users\Admin\AppData\Local\Temp\2c5c84ab98d7a7f0c508cffa1e2394a5.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\budha.exe"C:\Users\Admin\AppData\Local\Temp\budha.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
15KB
MD5fe11c20146c8d0df87558ea91e605e9d
SHA1caa45353fe087d518e4d66a383a25a3e5fe999d7
SHA256edaf33aca5a96c454ce7b2cf9dbbbade6c6d3b29c4c2263243d87702ce0202f5
SHA512bf4b75f32b6c2df48b3f84176c0c819f3be7a05ffbb703d9e74c5df4a521bc1b07734befbad58897707d1600a31172c7e3e7205df55e85033a9a80f564c79cff