Overview

overview

10

Static

static

3

bee5a87940...d8.exe

windows7-x64

10

bee5a87940...d8.exe

windows10-1703-x64

7

bee5a87940...d8.exe

windows10-2004-x64

7

bee5a87940...d8.exe

windows11-21h2-x64

7

Resubmissions

12-04-2024 14:24

240412-rq4mhabb49 10

12-04-2024 14:23

240412-rqj8vseb6x 10

12-04-2024 14:23

240412-rqhp2abb46 8

12-04-2024 14:23

240412-rqhd9seb6w 8

12-04-2024 14:23

240412-rqgsqseb6v 8

09-04-2024 07:30

240409-jb97qsch3w 10

09-04-2024 07:30

240409-jb2wcshe88 10

09-04-2024 07:29

240409-jba3mscg9s 10

09-04-2024 07:28

240409-ja2h7she62 7

29-03-2024 02:37

240329-c4jf6aga87 9

Analysis

  • max time kernel
    258s
  • max time network
    1205s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-04-2024 14:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe

  • Size

    1.9MB

  • MD5

    bab406ad3b0603a45625755ffbccce49

  • SHA1

    7ce0bd31c68c5b54854098acad195b7a8d804939

  • SHA256

    bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8

  • SHA512

    a85ca2bc5ab42f8d32856a87c665b66df7d8e1c1ebbb143015d06fcc1bddba1faf684e2ee1d2a572f5ed04edf3a061837c293b5c1e3d2214864b90d8a68d25cc

  • SSDEEP

    49152:hgWDef4IXn7EvfNf+x83OeG5ztpAEq2pe2n9SCtQV:hvo49fk83ONztiEqz2nA

Score
7/10
discoverypersistenceupx

Malware Config

Signatures

  • UPX packed file 53 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe
    "C:\Users\Admin\AppData\Local\Temp\bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4300
    • C:\Users\Admin\AppData\Local\Temp\bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe
      "C:\Users\Admin\AppData\Local\Temp\bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      PID:1776
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3784 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1696
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:8436

      Network

      MITRE ATT&CK Matrix ATT&CK v13

      Initial Access

      Execution

      Persistence

      Boot or Logon Autostart Execution

      1
      T1547

      Registry Run Keys / Startup Folder

      1
      T1547.001

      Privilege Escalation

      Boot or Logon Autostart Execution

      1
      T1547

      Registry Run Keys / Startup Folder

      1
      T1547.001

      Defense Evasion

      Modify Registry

      1
      T1112

      Credential Access

      Discovery

      Network Service Discovery

      1
      T1046

      System Information Discovery

      1
      T1082

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Web Service

      1
      T1102

      Impact

      Resource Development

      Reconnaissance

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
        Filesize

        2.7MB

        MD5

        dab2b43a5160f05ac051521d8b3c9cb3

        SHA1

        68363d3e871099ff6d1a555e4c1c78bb8f15fb5d

        SHA256

        af4bb8cfd42af037db2ce687f858c9627e7dc9d953a46f8539c9cd6fa2e8eebc

        SHA512

        ad5a16746933b869d0e520bec027ff37cefd75c5add28ec8811bef0fffbe0126b6b44cb9c80c70dbe088bbbfb9e3a611bb1370189d8978793cbeb36ea9873211

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
        Filesize

        8.6MB

        MD5

        219f74732fc576aa8f2e167eba81f027

        SHA1

        4f19be681007f1885c722553af12647f7c0f35b3

        SHA256

        d40f97c7ceca62500c2cf23443514054d576d2fb884e3247fcff0c306cbb115a

        SHA512

        6dd44974d08ebfeb922c1c295d2a221c1178950aed9e0235c6f5b55aa9a7d45859e69536dbd2541893e2efbc40628f3e09d36e1b7b4279ccc45ca5b0daaee635

        Download Submit
      • memory/1776-3-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-4-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-5-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-6-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-7-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-8-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-13-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-14-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-15-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-16-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-17-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-18-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-19-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-22-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-23-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-24-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-25-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-26-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-27-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-43-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-44-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-45-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-49-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-50-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-59-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-60-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-61-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-62-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-63-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-65-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-70-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-79-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-84-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-85-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-97-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-100-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-99-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-93-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-92-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-87-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-95-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-83-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-88-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-81-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-80-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-77-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-75-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-73-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-78-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-74-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-69-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-72-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/1776-67-0x0000000000400000-0x0000000000848000-memory.dmp
        Filesize

        4.3MB

        Download
      • memory/4300-1-0x0000000002420000-0x00000000025DA000-memory.dmp
        Filesize

        1.7MB

        Download
      • memory/4300-2-0x00000000025E0000-0x0000000002797000-memory.dmp
        Filesize

        1.7MB

        Download