Overview

overview

8

Static

static

8

bebee881d6...2e.exe

windows7-x64

8

bebee881d6...2e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    185s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2022 07:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bebee881d6161401027222dc4b2557ab1187a74a8fe5c906b134beda59cb0c2e.exe

  • Size

    362KB

  • MD5

    5eb62ff48048584ae1a29d6a4698ccae

  • SHA1

    a78bb9335164d216ab7bcdce5a7d9040d323c598

  • SHA256

    bebee881d6161401027222dc4b2557ab1187a74a8fe5c906b134beda59cb0c2e

  • SHA512

    c1e0f9624b3485e68478c44e1dec888c7d9980c76a0676bbc47b56c200725417ad0c4a58a0da1b9db5529d9cc165807ec323955dea0090ffb76dea0873393579

  • SSDEEP

    6144:C3rcIG98IZou0XYDd0mfFhTESz5kTM2pnOhwXHrhBBon6hP6d998o8tl/6e:y/uEYDNfPBzI7OhK9o6hP6d9F8r/

Score
8/10
discoveryevasiontrojanupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bebee881d6161401027222dc4b2557ab1187a74a8fe5c906b134beda59cb0c2e.exe
    "C:\Users\Admin\AppData\Local\Temp\bebee881d6161401027222dc4b2557ab1187a74a8fe5c906b134beda59cb0c2e.exe"
    1⤵
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1260

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1260-54-0x0000000000400000-0x0000000000471000-memory.dmp

    Filesize

    452KB

    Download

  • memory/1260-55-0x00000000002E0000-0x000000000031E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1260-56-0x0000000075C41000-0x0000000075C43000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1260-57-0x0000000000320000-0x00000000003BD000-memory.dmp

    Filesize

    628KB

    Download

  • memory/1260-61-0x000000000037F000-0x00000000003BC000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1260-60-0x0000000000320000-0x00000000003BD000-memory.dmp

    Filesize

    628KB

    Download

  • memory/1260-62-0x0000000000320000-0x00000000003BD000-memory.dmp

    Filesize

    628KB

    Download

  • memory/1260-63-0x0000000000321000-0x000000000037F000-memory.dmp

    Filesize

    376KB

    Download

  • memory/1260-64-0x000000000037F000-0x00000000003BC000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1260-65-0x0000000000321000-0x000000000037F000-memory.dmp

    Filesize

    376KB

    Download