Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
04-10-2024 21:18
General
-
Target
48cdd2ff32448c5bc5a9233332341b3fc54c4e3e33fb6ae2f4d00bf323211ef7.exe
-
Size
6KB
-
MD5
58cc2783652b322c44f5ec0e8c565805
-
SHA1
a8a64d378b11bdd9b362cb82dfae2464190b9729
-
SHA256
48cdd2ff32448c5bc5a9233332341b3fc54c4e3e33fb6ae2f4d00bf323211ef7
-
SHA512
9d9a30a59eb6f0d38015944c08d7b0745271a2f6d1431c7120515ec177e6faf2cc61c81875846cac4c816d2bab7fe150175e729c962d71054a5b232565ad7809
-
SSDEEP
48:6smMYh4UdS9dWFt/R9Y2309iqKW1Nb8/uR5FyG1laAXJtyBSUdez5CS7Ng+larux:ihFz933o1N4/Eo2ty4Udu5C0laqx
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\48cdd2ff32448c5bc5a9233332341b3fc54c4e3e33fb6ae2f4d00bf323211ef7.exe"C:\Users\Admin\AppData\Local\Temp\48cdd2ff32448c5bc5a9233332341b3fc54c4e3e33fb6ae2f4d00bf323211ef7.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\budha.exe"C:\Users\Admin\AppData\Local\Temp\budha.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6KB
MD5aa34f472243138aa66e8404f53d5f72d
SHA1debe62201b31ea4137b5e71cd894486ac3bd3740
SHA256f290be7d0c06753da2a315af42647f716d68dc3482b39d1d43cba714d9ecdc3a
SHA512e542dfc39b13ee2d70962cefc661126a5631db8e193df61e82788e31ee136d3d4851b139d5f01fa6bae5339031356d0d243fe4daabf5fe86a0b9771fd8e040b1