Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10-04-2024 05:44
General
-
Target
1f7a166a9301d6276e4997b7c338572d.exe
-
Size
33KB
-
MD5
1f7a166a9301d6276e4997b7c338572d
-
SHA1
e7548aea844dea7ab0039b343dd1fe73407bdc5f
-
SHA256
bb487daff10c8c5a3475c050c49ff74e661a33bcde4f4a11ab30ce895139dd5d
-
SHA512
9784969c8c03472e0247ac858b58f67df5fafd42fe298f3169f92881f7eeaef2a18a0036788d8c39e436c2eb411db25880e36afb162e85c2d5cbfa7014fa0d15
-
SSDEEP
384:nWzwZcuieV9yzK1/50F+xX9zm4s5KFB6Eq8TULYCry31zVYjgJpU33j:W9eVPiaXxm4skB+YCGFzVYj7Hj
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1f7a166a9301d6276e4997b7c338572d.exe"C:\Users\Admin\AppData\Local\Temp\1f7a166a9301d6276e4997b7c338572d.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\budha.exe"C:\Users\Admin\AppData\Local\Temp\budha.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
33KB
MD54a1cd47160a56ac65fa5fa7767c6ded5
SHA1f2c91a77343e85cf6f4b39c33375ce488cd7a5ee
SHA25612c98f5210a168a402a253553c6de440e0f23efe87f4c904f6c824f2f058c4f8
SHA512aaf0c490eecc32a1df560fc07012077cf14ef90a1974eb448f28c8bfe86b9be794db3a4c26e6c2faaa71410b406fb979349aaf1f2c9a941b3167e1291dc138f7
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
28KB
-
Filesize
32KB
-
Filesize
28KB
-
Filesize
8KB
-
Filesize
32KB
-
Filesize
4KB
-
Filesize
28KB
-
Filesize
32KB