Analysis
-
max time kernel
144s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
01/05/2024, 00:55
General
-
Target
945b15d82646489b6b6f3c7190456028266712627f2b10e50d4923735017601b.exe
-
Size
29KB
-
MD5
7fa1fa986ba15f78524ad2790851b3f4
-
SHA1
d532c347d00d93e8e0606559bfb1bf096fc4b0bb
-
SHA256
945b15d82646489b6b6f3c7190456028266712627f2b10e50d4923735017601b
-
SHA512
34928129f1e339de5064a4850b96e81c5fa98e87d08bea7e1ade28a30f5435d47c5da84ba6438a6a1ab74c724bea53ad62f602c1bae12639e71b2017c847b0ec
-
SSDEEP
384:iQ4n4X4f0y4vEhbTKFMWWeJqljfgj3WfgVl6DuwcPM2fTcz:ong40YfnWWeJqhIKuUDmG
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\945b15d82646489b6b6f3c7190456028266712627f2b10e50d4923735017601b.exe"C:\Users\Admin\AppData\Local\Temp\945b15d82646489b6b6f3c7190456028266712627f2b10e50d4923735017601b.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\budha.exe"C:\Users\Admin\AppData\Local\Temp\budha.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
30KB
MD515bbb0732513387fe11778b0a4cb004b
SHA14bef4db369c104888a567b97b7763c5fd9bd6cdf
SHA256ed7d1f54a9ed56eafb8a6d0a1d26032353bec18ac86ec1ab1b99e9ed1d36666c
SHA512ee3a20e2b4fccbbbc1cd609b820e3c04b9488ab77b6770476a9bbf1e4d0bed01575b1a84d80a58ace6d3e374481cade94d8c3ff60db49f25b732959a0b7f46a0