e1457f464a782e2ca1a379de665c7dc44cc58c8400a8ccbd29caf9e9a4180705

Analysis

max time kernel
147s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1457f464a782e2ca1a379de665c7dc44cc58c8400a8ccbd29caf9e9a4180705.exe
Size

25KB
MD5

b7f2844b649ef91013fdd0bb3f92cf0c
SHA1

264577cf174a7695e0a8a9dcf0bf288300ba67e1
SHA256

e1457f464a782e2ca1a379de665c7dc44cc58c8400a8ccbd29caf9e9a4180705
SHA512

38722f9bebb567db1ca0fec2593d7e2b90e3fd937026fc158e5a6c2fec7c8a811f1f3500a9d11e3e975baf9b6a3846e841944ad6ef9fc5c15b0d3aad02b39919
SSDEEP

384:0u1MfDP3WwG1pB/yQWOO/+0l+WHrV3O8+/W4:dSa/XB/KTG0lXrthh4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2204	budha.exe

Loads dropped DLL 1 IoCs

pid	Process
2812	e1457f464a782e2ca1a379de665c7dc44cc58c8400a8ccbd29caf9e9a4180705.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 2204	2812	e1457f464a782e2ca1a379de665c7dc44cc58c8400a8ccbd29caf9e9a4180705.exe	28
PID 2812 wrote to memory of 2204	2812	e1457f464a782e2ca1a379de665c7dc44cc58c8400a8ccbd29caf9e9a4180705.exe	28
PID 2812 wrote to memory of 2204	2812	e1457f464a782e2ca1a379de665c7dc44cc58c8400a8ccbd29caf9e9a4180705.exe	28
PID 2812 wrote to memory of 2204	2812	e1457f464a782e2ca1a379de665c7dc44cc58c8400a8ccbd29caf9e9a4180705.exe	28

C:\Users\Admin\AppData\Local\Temp\e1457f464a782e2ca1a379de665c7dc44cc58c8400a8ccbd29caf9e9a4180705.exe
"C:\Users\Admin\AppData\Local\Temp\e1457f464a782e2ca1a379de665c7dc44cc58c8400a8ccbd29caf9e9a4180705.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9757.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
25KB

MD5
d88beedac8a91ac8a26e4f768777a798

SHA1
148fbd35041acd185b5618feebf108e7c1f831c2

SHA256
56f33ae3616b596c64b6343cede2fcc1055ad64646ccc33dde3dcddac56922bd

SHA512
4777e41cd55d8d9d98d4051dce8925007f186224a95af8ce1c5155c203e990b73bb98dd6bc75111f3bec2346d613d2e7dbda4d1ed0b635f2bbe315cba9f51726

Download Submit
memory/2204-10-0x0000000000410000-0x0000000000417000-memory.dmp

Filesize
28KB

Download
memory/2204-12-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download
memory/2204-13-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2204-200-0x0000000000410000-0x0000000000417000-memory.dmp

Filesize
28KB

Download
memory/2204-303-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2812-0-0x0000000000410000-0x0000000000417000-memory.dmp

Filesize
28KB

Download
memory/2812-3-0x0000000002140000-0x0000000002147000-memory.dmp

Filesize
28KB

Download
memory/2812-1-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2812-9-0x0000000000410000-0x0000000000417000-memory.dmp

Filesize
28KB

Download