Analysis
-
max time kernel
119s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
19/11/2024, 15:35
General
-
Target
f64680c81de390beba50a40069ec6081ed170a0a96af9e6c2a8eb78d9c3ff625.exe
-
Size
55KB
-
MD5
7e9eb5ffc8b4d3c66e40931591c337ce
-
SHA1
41520b10eedb1d924c2e1881915aa1e5b3488964
-
SHA256
f64680c81de390beba50a40069ec6081ed170a0a96af9e6c2a8eb78d9c3ff625
-
SHA512
0ab6edf5ce7afb4f389298dbe1d4cf1316c45ebd0b7245b957e7444f71bed3f38065c35ea7be0b63f5126520fb3a4400e1695b783ea14d89ae443b368d6cbdf0
-
SSDEEP
768:HT1g40wSXvdMx+v3fUFqFRFo6kF7xNvCMUM33ScGyVe57SOsGUie8YgVOmp:Hxg2SfdMw3KeE52ayu07SOzUglh
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f64680c81de390beba50a40069ec6081ed170a0a96af9e6c2a8eb78d9c3ff625.exe"C:\Users\Admin\AppData\Local\Temp\f64680c81de390beba50a40069ec6081ed170a0a96af9e6c2a8eb78d9c3ff625.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\budha.exe"C:\Users\Admin\AppData\Local\Temp\budha.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
55KB
MD5c815351704846e2dd5307ae09bd21309
SHA189950bd035b857036ec4eb68ea8d649407891df6
SHA25603068ffffa08a3e0f896d0b942beeedf66199a816bf3f03ca858f2ec1163f1c1
SHA512ae4c0de232641923aa60e792daf8745f2c6813511ea7d47db7c5893e29de967159e7c6e2df38913ae0b8594a2abe9296055dee1c963f82130b00c245704e3421