Overview

overview

7

Static

static

1

8d8929d60c...1c.exe

windows7-x64

7

8d8929d60c...1c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-03-2024 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d8929d60c8b38ab262ebf681c0c119e768e840dc596fd3a0f88fb3a57a8211c.exe

  • Size

    35KB

  • MD5

    90514d7350364e61e9561b0df4d6329e

  • SHA1

    c4728e7da66a4e977c1427df00e2de969d11aad9

  • SHA256

    8d8929d60c8b38ab262ebf681c0c119e768e840dc596fd3a0f88fb3a57a8211c

  • SHA512

    696567f018845e4cb6184d15a95b4082a44104d3030e15ce6016a22b9baecd9576a5f9d1b428e163918d684184ead9dd4cc2bc3d25bd29f1868144213ce65361

  • SSDEEP

    768:y2cKhY94XKj9wGzfcgtgAvH2bEzPfi+p4z:xcKhY9aMdj28fliz

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d8929d60c8b38ab262ebf681c0c119e768e840dc596fd3a0f88fb3a57a8211c.exe
    "C:\Users\Admin\AppData\Local\Temp\8d8929d60c8b38ab262ebf681c0c119e768e840dc596fd3a0f88fb3a57a8211c.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Users\Admin\AppData\Local\Temp\budha.exe
      "C:\Users\Admin\AppData\Local\Temp\budha.exe"
      2⤵
      • Executes dropped EXE
      PID:548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\budha.exe
    Filesize

    35KB

    MD5

    4089726804470b5571893091f4bf5fd7

    SHA1

    41eb852838386e89813de80db3b5c0094930cc4b

    SHA256

    a0c124348630ba2987ff6ab9e4875630930ad1c9b4086939ea7d7ff24749350a

    SHA512

    c53c46fbaf9a34714c11419f4fa81ca8da381744ec4a095b81acdb6e0680e505ced8de102d85c5315936ceb113ccfea2145a000b66e8d204db3d4b33aaa73c80

    Download Submit

  • memory/548-12-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download

  • memory/548-13-0x0000000002060000-0x0000000002061000-memory.dmp

    Filesize

    4KB

    Download

  • memory/548-14-0x00000000001F0000-0x00000000001F7000-memory.dmp

    Filesize

    28KB

    Download

  • memory/548-15-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download

  • memory/548-17-0x00000000001F0000-0x00000000001F7000-memory.dmp

    Filesize

    28KB

    Download

  • memory/3052-0-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download

  • memory/3052-1-0x00000000021A0000-0x00000000021A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3052-3-0x0000000002190000-0x0000000002197000-memory.dmp

    Filesize

    28KB

    Download

  • memory/3052-10-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download