Overview

overview

7

Static

static

1

Setup_BEYOND_Ev.exe

windows10-1703-x64

7

Setup_BEYOND_Ev.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    193s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
  • submitted
    10/10/2023, 22:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_BEYOND_Ev.exe

  • Size

    701.5MB

  • MD5

    ae0936fe8163483ae41986cd78330a3a

  • SHA1

    c859c85283e49737a559e142780d95d173c58120

  • SHA256

    7e26c11e8ccb390e460fcc533ea9001132399a86f322accc3037af31c390c34b

  • SHA512

    d04b807685e242f2c0b416bdfcc56978229cdad2213b262125bd94c2515fc58c024b6fece4548ff05587bdae14506f69c07295db7b22e106f77e4545d1195352

  • SSDEEP

    12582912:YENoKzeuNPyQ0d1kPZim6UeeQsIuBLhwQbEbuAKb5gk9FYD4Dk/djp1qygh8PH:YExqIPe+Z76UeetIuBLBb5gk9+p/dp1X

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_BEYOND_Ev.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_BEYOND_Ev.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Users\Admin\AppData\Local\Temp\is-HU1P3.tmp\Setup_BEYOND_Ev.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-HU1P3.tmp\Setup_BEYOND_Ev.tmp" /SL5="$801FC,734748157,723968,C:\Users\Admin\AppData\Local\Temp\Setup_BEYOND_Ev.exe"
      2⤵
      • Executes dropped EXE
      PID:4264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-HU1P3.tmp\Setup_BEYOND_Ev.tmp
    Filesize

    2.4MB

    MD5

    6e017af6f26b6e9a90a71650c47be114

    SHA1

    6aaf30bce969858cd9deba5353422fa9ee88cdd1

    SHA256

    04a09e954a98b9af2c476df71c7f1d6b79fc0604c695d69871e2d92d99b4aec7

    SHA512

    5bb18cd449ca6478b034df7954a6bb9ff3b7511bbec7b657adfc9c4b0947eb0dd5b7c3b146ef8290b662104eb6148db973a78aa53dc829658ef63b2747c0b76b

    Download Submit

  • memory/2344-1-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2344-8-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/4264-6-0x0000000000C50000-0x0000000000C51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4264-9-0x0000000000400000-0x0000000000679000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/4264-10-0x0000000000C50000-0x0000000000C51000-memory.dmp

    Filesize

    4KB

    Download