Overview

overview

10

Static

static

3

bee5a87940...d8.exe

windows7-x64

10

bee5a87940...d8.exe

windows10-1703-x64

7

bee5a87940...d8.exe

windows10-2004-x64

7

bee5a87940...d8.exe

windows11-21h2-x64

7

Resubmissions

12-04-2024 14:24

240412-rq4mhabb49 10

12-04-2024 14:23

240412-rqj8vseb6x 10

12-04-2024 14:23

240412-rqhp2abb46 8

12-04-2024 14:23

240412-rqhd9seb6w 8

12-04-2024 14:23

240412-rqgsqseb6v 8

09-04-2024 07:30

240409-jb97qsch3w 10

09-04-2024 07:30

240409-jb2wcshe88 10

09-04-2024 07:29

240409-jba3mscg9s 10

09-04-2024 07:28

240409-ja2h7she62 7

29-03-2024 02:37

240329-c4jf6aga87 9

Analysis

  • max time kernel
    175s
  • max time network
    1206s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12-04-2024 14:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe

  • Size

    1.9MB

  • MD5

    bab406ad3b0603a45625755ffbccce49

  • SHA1

    7ce0bd31c68c5b54854098acad195b7a8d804939

  • SHA256

    bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8

  • SHA512

    a85ca2bc5ab42f8d32856a87c665b66df7d8e1c1ebbb143015d06fcc1bddba1faf684e2ee1d2a572f5ed04edf3a061837c293b5c1e3d2214864b90d8a68d25cc

  • SSDEEP

    49152:hgWDef4IXn7EvfNf+x83OeG5ztpAEq2pe2n9SCtQV:hvo49fk83ONztiEqz2nA

Score
7/10
discoverypersistenceupx

Malware Config

Signatures

  • UPX packed file 56 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe
    "C:\Users\Admin\AppData\Local\Temp\bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:228
    • C:\Users\Admin\AppData\Local\Temp\bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe
      "C:\Users\Admin\AppData\Local\Temp\bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      PID:1924

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Network Service Discovery

1
T1046

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus
    Filesize

    2.7MB

    MD5

    f3cfdc25320e22f52311dc641da7296a

    SHA1

    888edfaf1e83ea3456f1e9decbb4fc8dbe87d806

    SHA256

    10fb77bde15a1cb86207a91dafab768f54f191c03ad76a7a5f1aa5ecf21a21a3

    SHA512

    1b683317f39471003d3a95cbdec889ae7312ee2123238de7956d3e14dd9ce02b379ed56e38942bf7e0db5d17bb1489d23247c5223c069a0e5f5ae41e7e3bc63c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
    Filesize

    5.8MB

    MD5

    bc0a2b2aee1d349866f3794aba11513e

    SHA1

    eaef4e8f92e716e79ba4b4308c168c6ef86e8194

    SHA256

    18ff0891ec09a511a53276478a6e38cc9735626d9239709651cc930feca3a535

    SHA512

    0ae5e47097fcb70953867cea67c01e67eda9d33316b62d30490babe48eba60e4d91fcf78c8054fd114e508bdc501bf4df5e775baca5684e91da276309141ef58

    Download Submit
  • memory/228-1-0x00000000026C0000-0x0000000002886000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/228-3-0x0000000002890000-0x0000000002A47000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/1924-2-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-5-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-6-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-7-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-8-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-9-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-24-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-39-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-40-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-41-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-42-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-46-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-47-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-48-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-50-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-53-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-60-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-59-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-65-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-73-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-83-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-72-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-70-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-69-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-68-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-75-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-62-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-74-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-66-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-63-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-61-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-57-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-56-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-58-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-55-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-52-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-51-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-90-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-92-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-100-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-97-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-85-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-95-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-94-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-93-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-91-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-77-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-87-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-96-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-84-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-81-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-79-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-71-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-88-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-78-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/1924-101-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download