Overview

overview

10

Static

static

3

bee5a87940...d8.exe

windows7-x64

7

bee5a87940...d8.exe

windows10-1703-x64

8

bee5a87940...d8.exe

windows10-2004-x64

7

bee5a87940...d8.exe

windows11-21h2-x64

10

Resubmissions

12-04-2024 14:24

240412-rq4mhabb49 10

12-04-2024 14:23

240412-rqj8vseb6x 10

12-04-2024 14:23

240412-rqhp2abb46 8

12-04-2024 14:23

240412-rqhd9seb6w 8

12-04-2024 14:23

240412-rqgsqseb6v 8

09-04-2024 07:30

240409-jb97qsch3w 10

09-04-2024 07:30

240409-jb2wcshe88 10

09-04-2024 07:29

240409-jba3mscg9s 10

09-04-2024 07:28

240409-ja2h7she62 7

29-03-2024 02:37

240329-c4jf6aga87 9

Analysis

  • max time kernel
    434s
  • max time network
    1800s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12-04-2024 14:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe

  • Size

    1.9MB

  • MD5

    bab406ad3b0603a45625755ffbccce49

  • SHA1

    7ce0bd31c68c5b54854098acad195b7a8d804939

  • SHA256

    bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8

  • SHA512

    a85ca2bc5ab42f8d32856a87c665b66df7d8e1c1ebbb143015d06fcc1bddba1faf684e2ee1d2a572f5ed04edf3a061837c293b5c1e3d2214864b90d8a68d25cc

  • SSDEEP

    49152:hgWDef4IXn7EvfNf+x83OeG5ztpAEq2pe2n9SCtQV:hvo49fk83ONztiEqz2nA

Score
10/10
discoverypersistenceupx

Malware Config

Extracted

Credentials

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    sipeges.it
  • Port:
    21
  • Username:
    eventi
  • Password:
    2022M

Signatures

  • UPX packed file 56 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe
    "C:\Users\Admin\AppData\Local\Temp\bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4576
    • C:\Users\Admin\AppData\Local\Temp\bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe
      "C:\Users\Admin\AppData\Local\Temp\bee5a8794014d11323dfb0276e541a0ee9567f61521a1a885ade5ca2d87f36d8.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      PID:4548

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Network Service Discovery

1
T1046

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus
    Filesize

    2.7MB

    MD5

    ab9edbf2abe36a005b75ed63e6c044f5

    SHA1

    641b5f77d9b0395d87c197a1671f37025410dd06

    SHA256

    6633922a7479ba93178e02f8dde9db0dc50cec012759ea4b66fd5cf5cf92bbad

    SHA512

    d848019b147fbc0709a09c135979df29a339b7c5a84899fa8cba2dc2cf3fbd3e085877f57cbbb20404126c8dae9db061a98316cd2d2248e400e282ec95b4b827

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
    Filesize

    8.7MB

    MD5

    636c1779d21459cc4e1108cec68e684c

    SHA1

    07ef5cefd96895f295aa2dd9d54d6c6373d341a1

    SHA256

    bde81836a209aa5df7844a71cc6c46f587b1b0bbcc06b9ec3092b572f1fa2ea0

    SHA512

    654f3c943b4e01f3abbc40b43cbe0f71074058c9d223376218dfa449b00fc0c28bb446ae5f2f705b90f7a88f4a6b88da1736486a9a43c4ce87e014f958f7088c

    Download Submit
  • memory/4548-3-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-5-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-6-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-7-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-8-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-9-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-14-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-15-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-16-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-35-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-46-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-50-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-53-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-54-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-58-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-59-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-60-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-61-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-62-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-63-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-64-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-65-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-68-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-73-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-72-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-75-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-79-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-70-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-86-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-94-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-96-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-105-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-104-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-93-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-103-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-88-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-87-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-97-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-89-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-82-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-76-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-81-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-85-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-78-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-69-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-71-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-67-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-98-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-100-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-116-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-107-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-118-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-108-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-120-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-114-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4548-117-0x0000000000400000-0x0000000000848000-memory.dmp
    Filesize

    4.3MB

    Download
  • memory/4576-1-0x00000000026C0000-0x000000000287D000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/4576-2-0x0000000002880000-0x0000000002A37000-memory.dmp
    Filesize

    1.7MB

    Download