cecf715d8867340083b28036bc7f2f6c0eedd90e6ca36d42a5eeae34bfbc3ceb

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
17/06/2024, 02:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cecf715d8867340083b28036bc7f2f6c0eedd90e6ca36d42a5eeae34bfbc3ceb.exe
Size

5KB
MD5

e1f8b646247e7f0065338b570557872a
SHA1

6c5b2a9d8681ac7bce9868e9fafdd866b5f73d0e
SHA256

cecf715d8867340083b28036bc7f2f6c0eedd90e6ca36d42a5eeae34bfbc3ceb
SHA512

3b13d6715e23141531d38184cc1010a945746ce84c7a98a093ba62477d75babd768987c8255dcf42f12236d7f317d28b1cd604083536f4c2993615745f1ba14e
SSDEEP

96:w+Ce7X3BIxjJZanuHnnwR2Ut2ClAhxOvCEX:whe7hIFnwR2UBA8DX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2228	budha.exe

Loads dropped DLL 2 IoCs

pid	Process
2856	cecf715d8867340083b28036bc7f2f6c0eedd90e6ca36d42a5eeae34bfbc3ceb.exe
2856	cecf715d8867340083b28036bc7f2f6c0eedd90e6ca36d42a5eeae34bfbc3ceb.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2228	2856	cecf715d8867340083b28036bc7f2f6c0eedd90e6ca36d42a5eeae34bfbc3ceb.exe	28
PID 2856 wrote to memory of 2228	2856	cecf715d8867340083b28036bc7f2f6c0eedd90e6ca36d42a5eeae34bfbc3ceb.exe	28
PID 2856 wrote to memory of 2228	2856	cecf715d8867340083b28036bc7f2f6c0eedd90e6ca36d42a5eeae34bfbc3ceb.exe	28
PID 2856 wrote to memory of 2228	2856	cecf715d8867340083b28036bc7f2f6c0eedd90e6ca36d42a5eeae34bfbc3ceb.exe	28

C:\Users\Admin\AppData\Local\Temp\cecf715d8867340083b28036bc7f2f6c0eedd90e6ca36d42a5eeae34bfbc3ceb.exe
"C:\Users\Admin\AppData\Local\Temp\cecf715d8867340083b28036bc7f2f6c0eedd90e6ca36d42a5eeae34bfbc3ceb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
5KB

MD5
38ef5987a339aa7427a0fe833e0f9afc

SHA1
046afa1ba0bedb971a0bf22782bcc58aaf98a8a3

SHA256
f3520e28f6df4d40d5dd99a52f81ca0d320a70460e86503eb3e3b1b3c4313d38

SHA512
fb657d1da7774738cf142960faaffc246492bf0de81ad6f9394f1cc160d23fd90a90cf993a3518bea680288efe887a53fd214fb5d7a0565868e03a5ba5be5c48

Download Submit