28a4624845db5e886de5d19be7c9dc4e96a5fb2d8875d7175cf28b7fc167cfc4

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 11:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

abe8766de552303fd26df68554a78e40N.exe
Size

20KB
MD5

abe8766de552303fd26df68554a78e40
SHA1

7059a3f0d18ed96e15d054d2637265be661870cd
SHA256

28a4624845db5e886de5d19be7c9dc4e96a5fb2d8875d7175cf28b7fc167cfc4
SHA512

e9743d304230e9afce7b17336547b0673747e8860d72298b1d48ceca98f2417c8d4a965474a8717c15b7436a11937b933e81db733dad18323dea4b82b80396d4
SSDEEP

384:n+a1TQfYjQXViHa8q6QXEnLgi+M/+4H+YpXiq8sSqpEYp:n+a1GCQli686XgOM/Onc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3068	budha.exe

Loads dropped DLL 1 IoCs

pid	Process
2016	abe8766de552303fd26df68554a78e40N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 3068	2016	abe8766de552303fd26df68554a78e40N.exe	30
PID 2016 wrote to memory of 3068	2016	abe8766de552303fd26df68554a78e40N.exe	30
PID 2016 wrote to memory of 3068	2016	abe8766de552303fd26df68554a78e40N.exe	30
PID 2016 wrote to memory of 3068	2016	abe8766de552303fd26df68554a78e40N.exe	30

C:\Users\Admin\AppData\Local\Temp\abe8766de552303fd26df68554a78e40N.exe
"C:\Users\Admin\AppData\Local\Temp\abe8766de552303fd26df68554a78e40N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Users\Admin\AppData\Local\Temp\budha.exe
  "C:\Users\Admin\AppData\Local\Temp\budha.exe"
  2⤵
  - Executes dropped EXE
  PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\budha.exe

Filesize
20KB

MD5
723be08dc2acf26d674240b396545871

SHA1
fca8969e69f112b6d8e65e1bc5cd6bb2c7e18295

SHA256
c60661313c89f3fbfc1bcfbc302c8b2786f274364b7022024d8a6d0741ce1b4e

SHA512
cded87d607540a2ba9cbbb7902f67c286c458274840ddfae1902607d344500e5a912799cbf04a0e17fb5e5650c903e3b16910f4838f92320a6a6cc9ada5f13d6

Download Submit
memory/2016-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2016-2-0x0000000002D00000-0x0000000002D01000-memory.dmp

Filesize
4KB

Download
memory/2016-10-0x0000000002D10000-0x0000000003110000-memory.dmp

Filesize
4.0MB

Download
memory/2016-9-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3068-11-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/3068-13-0x0000000002C50000-0x0000000003050000-memory.dmp

Filesize
4.0MB

Download
memory/3068-14-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download