109762f26f2b853654b8f4ba054e3998545e4db3101022a31adefb93a74ffcc2

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

191baadbf13fd75c1224c5b46bc82c30N.exe
Size

42KB
MD5

191baadbf13fd75c1224c5b46bc82c30
SHA1

79096508db7aaded4b42f6115865136481e1b06a
SHA256

109762f26f2b853654b8f4ba054e3998545e4db3101022a31adefb93a74ffcc2
SHA512

e71d4c98cbae8a9f9ec95566b9ec05e6c9d5d1c8c80e7ba818d036c884fb7b1c6caff4160aa827dc44d03e7b09ace98044c003eeae09f4255fc8e0f6b1f02e4d
SSDEEP

384:EACDQL/TQfYjQXoHyglpIK0KYTA6QXEVvYpMlQYpxlqiq8sSKpEq8:EXQLGCQYHyY6gX8v+slxf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2744	budha.exe

Loads dropped DLL 1 IoCs

pid	Process
2736	191baadbf13fd75c1224c5b46bc82c30N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 2744	2736	191baadbf13fd75c1224c5b46bc82c30N.exe	30
PID 2736 wrote to memory of 2744	2736	191baadbf13fd75c1224c5b46bc82c30N.exe	30
PID 2736 wrote to memory of 2744	2736	191baadbf13fd75c1224c5b46bc82c30N.exe	30
PID 2736 wrote to memory of 2744	2736	191baadbf13fd75c1224c5b46bc82c30N.exe	30

C:\Users\Admin\AppData\Local\Temp\191baadbf13fd75c1224c5b46bc82c30N.exe
"C:\Users\Admin\AppData\Local\Temp\191baadbf13fd75c1224c5b46bc82c30N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
42KB

MD5
94ac82095000af432ec4d8fbded8bf26

SHA1
7800fb0fa2bf95336cd25ae4d7cda9c0b88541e5

SHA256
277ca7f4beb87edef5bfb6e855354346fa77a299c1ed3eb2f80f5e85a016c2f6

SHA512
1598046eb9a74f58a306f8910a3d1dda844494d3695fde2728c7c154c7cc2ba30176de3535d9c5fef8a1d03f65e81c4f48a2c95eecb192341562eb8c4c94f83b

Download Submit
memory/2736-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2736-3-0x0000000002B60000-0x0000000002F60000-memory.dmp

Filesize
4.0MB

Download
memory/2736-2-0x0000000002B50000-0x0000000002B51000-memory.dmp

Filesize
4KB

Download
memory/2736-6-0x0000000003110000-0x0000000003120000-memory.dmp

Filesize
64KB

Download
memory/2736-10-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2744-12-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2744-13-0x0000000002B00000-0x0000000002F00000-memory.dmp

Filesize
4.0MB

Download
memory/2744-14-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download