Overview

overview

10

Static

static

8

BuhtaClient.vbs

windows7-x64

1

BuhtaClient.vbs

windows10-2004-x64

1

BuhtaClient.exe

windows7-x64

10

BuhtaClient.exe

windows10-2004-x64

10

BuhtaDev.chm

windows7-x64

1

BuhtaDev.chm

windows10-2004-x64

1

BuhtaPivot.xls

windows7-x64

1

BuhtaPivot.xls

windows10-2004-x64

1

BuhtaServer.exe

windows7-x64

1

BuhtaServer.exe

windows10-2004-x64

1

PivotInstall.exe

windows7-x64

1

PivotInstall.exe

windows10-2004-x64

1

dsd.exe

windows7-x64

1

dsd.exe

windows10-2004-x64

1

eapi.dll

windows7-x64

3

eapi.dll

windows10-2004-x64

3

quricol32.dll

windows7-x64

1

quricol32.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    13s
  • max time network
    36s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 00:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    BuhtaDev.chm

  • Size

    396KB

  • MD5

    2c1e5c9bd8e1a7f5a01d6840b715bcfd

  • SHA1

    6261eb9affd394dfc01c8c645ef5fbd3c1b1c981

  • SHA256

    2ac5beadb46df69331c214b01e7994415a15698605d04e8e2f87bea40c2d420d

  • SHA512

    622192042802bdc90be8d5a96c126252be49ae3d1f51f7e40cd44d95de09110edff79934d50445297d79667d4b20d8da5c68b295f68fe0c50a25169634def0bb

  • SSDEEP

    12288:nZVyrEJf+EwUEZ+voA3dCeOty3OuRHgLDpGpEGy6ULe:nurEd+X+v/tCtQ3OuRApGiGCC

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Windows\hh.exe
    "C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\BuhtaDev.chm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2124

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads