Overview

overview

10

Static

static

10

Project Buu.rar

windows7-x64

10

Project Buu.rar

windows10-2004-x64

10

Project Bu...es.exe

windows7-x64

10

Project Bu...es.exe

windows10-2004-x64

10

Project Bu...Buu.py

windows7-x64

3

Project Bu...Buu.py

windows10-2004-x64

3

Project Buu/READ.txt

windows7-x64

1

Project Buu/READ.txt

windows10-2004-x64

3

Analysis

  • max time kernel
    1151s
  • max time network
    1151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2024 06:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Project Buu/Project Buu.py

  • Size

    8KB

  • MD5

    462eb1972b1711ce306e84c6b287141c

  • SHA1

    d6f0ca3723a23e474e659c46a5a8a237dbc0af38

  • SHA256

    afb4eebadb9704280e1088a8c815787c983f77e95e8998f4c0cd1bb5db05d053

  • SHA512

    c341137d941bd59eb9b17a0d0bd198cd0cfa42bdaaf9d8a8a494b708131834df877bcfdb2c82dc1c29a741ae603976b93dd9b03d3ffb0c679367d639a96a489a

  • SSDEEP

    96:r0xZ/z+1/CaBA+wFrmOdI/t2zYMczdoS6QS0UDZDUmEwID/Anr5weOkKixpiWWjb:/BSnW1JdBOJhPE//AOeOHiTu8Bv4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Buu\Project Buu.py"
    1⤵
    • Modifies registry class
    PID:540
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:3196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads