a25480c60feb5c82b3b5c22fdff9338a42149a2c4c13886df399fefe9bff5775

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 23:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70e5bd0ff19c36219cbc9c907116f1bf.exe
Size

15KB
MD5

70e5bd0ff19c36219cbc9c907116f1bf
SHA1

2efae450016255fdc9e36615c2df2f2aed8ea29e
SHA256

a25480c60feb5c82b3b5c22fdff9338a42149a2c4c13886df399fefe9bff5775
SHA512

d3935e5672dc29e0c4a24b6d91affa337fcec46fe72d5ef713f453fd319fc94d446c8df7b836623590986794a70569923b4e1e83edd2172b59cb0df7598e70ff
SSDEEP

192:uxqO9CQWRIgiZKJ6yEqlpmyfC9igTsboMlQ2G92n44l2R38vA92hK7xo+s:ux0QWRIgOytfSVE44ls3vW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2052	budha.exe

Loads dropped DLL 2 IoCs

pid	Process
2364	70e5bd0ff19c36219cbc9c907116f1bf.exe
2364	70e5bd0ff19c36219cbc9c907116f1bf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2052	2364	70e5bd0ff19c36219cbc9c907116f1bf.exe	17
PID 2364 wrote to memory of 2052	2364	70e5bd0ff19c36219cbc9c907116f1bf.exe	17
PID 2364 wrote to memory of 2052	2364	70e5bd0ff19c36219cbc9c907116f1bf.exe	17
PID 2364 wrote to memory of 2052	2364	70e5bd0ff19c36219cbc9c907116f1bf.exe	17

C:\Users\Admin\AppData\Local\Temp\70e5bd0ff19c36219cbc9c907116f1bf.exe
"C:\Users\Admin\AppData\Local\Temp\70e5bd0ff19c36219cbc9c907116f1bf.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
16KB

MD5
da0dae9937c919778c7cf54b2d1f48dc

SHA1
8df770f18cbcc38aeb4271b06c6108211b7319b6

SHA256
0fd071f7927d1d392fc864501f5f57c06d1b5993307526cdda638054c56de9fb

SHA512
b727ba2f7bc6614bde27a39caf5753b813daf930d03095970665e8f41c943eae965ec8823f4a26d28b80a8d0e5def53e8ca77e909e402e66b885c65129c2fe89

Download Submit