bf0a5efb3d84fa52938ccf45d84483386606204b4f6473cb9030b53baf7b1ba4

Analysis

max time kernel
169s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 16:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

beetle-cab/start.cmd
Size

86B
MD5

232ebf167ea35163ea69a1570be7b03e
SHA1

b8bc8c8b3f9ebf83ec43244a934389bd98849a0a
SHA256

030ee398e53caf0928e757162f3c7be7d593a59dde2795991ec7e4fd8e71f2e3
SHA512

efe7d716b4c2553b1dc295271b1bb32fccf12e2b64e6de7adbf5f8284bdee1c3a92b5a227c46a6bff6c1298d2e7319b73b7a75651710cad84564f0c4ec4c917f

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

cmd.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation cmd.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Modifies registry class 1 IoCs

Processes:

cmd.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings cmd.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	cmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings	cmd.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

7za.exe

description	pid	process
Token: SeRestorePrivilege	3772	7za.exe
Token: 35	3772	7za.exe
Token: SeSecurityPrivilege	3772	7za.exe
Token: SeSecurityPrivilege	3772	7za.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2916 wrote to memory of 3772	2916	cmd.exe	7za.exe
PID 2916 wrote to memory of 3772	2916	cmd.exe	7za.exe
PID 2916 wrote to memory of 3772	2916	cmd.exe	7za.exe
PID 2916 wrote to memory of 5008	2916	cmd.exe	mshta.exe
PID 2916 wrote to memory of 5008	2916	cmd.exe	mshta.exe
PID 2916 wrote to memory of 5008	2916	cmd.exe	mshta.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\beetle-cab\start.cmd"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2916

C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe
7za.exe x -y -aoa -pbeetle arc.7z -oext
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3772

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\run.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} --sfx
2⤵
PID:5008

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\f0372d98c7a1480e93ab6f777187d357 /t 1400 /p 5008
1⤵
PID:2336

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\DriverPackSolution.html
Filesize
4KB

MD5
203ac1542d8e93edbbc80f7b59db5c44

SHA1
ba66db0e746bc550ea860f4023c3cb5c72140ba5

SHA256
8892e63141854bcf4bb1452abef68dd2c348c59322d697ef11a7ab7c5e3c4aea

SHA512
53cb5ad72c66e62d9285c318b606a9819053de729fa18ea72e80a7f09b333cc7868b455048660397086fa80a13ca745e42a6dc22df63d059076befca178a8a95

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\audio\ru\STORIES-adout-8.mp3
Filesize
17KB

MD5
9bfcf4abe7aa3603fdf1e37bbd9908ed

SHA1
7fc9cbe58273939ea9dd04463ca2ccfaf913658d

SHA256
c2f79a0267df7d522b13e49b406f74892cc6744b88204449387a335cf525550d

SHA512
61fc30694f6a12d03fc95fa537d771ee7d6467c8c457eada43062c036e5347637f0461890e8fbae5f476eee1ea74b152adfc7b1617118ede74c43cf36edbd633

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\config.js
Filesize
3KB

MD5
31009d2efb710925bf7f308af59c629b

SHA1
5215c77b1719d0974dc529b523b758ef85dbebd4

SHA256
18f86ef3fad86c97d56274e5577b178a77f40587a80451a971013248e37190a6

SHA512
44129d626970c101df41a0bc94ff6120a1034077628da968d9c772fa6125d1f11478480cec7086dfd1625c8fc07820202a711a5598ea131b7742b31211a3f394

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\custom-control.css
Filesize
10KB

MD5
f7f8703ada2176dc144343a2c2acb1cd

SHA1
091334a48056a8baafff0cd672232de1c1f6c838

SHA256
7d7853e95258a7a3f8eaf41795f7124e7d2dacdeb5f1efe212b3ff7ed0da9e50

SHA512
27d46472c06103e0bdd9d40149804c16f469305752c3a6d8473c2f2ab22b2c8fa5d65d61dda7c617a3f12d8526b56a10320b8683f31d210ac2185fd0daed8e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\fonts\Open-Sans\opensans-regular-webfont.eot
Filesize
40KB

MD5
88a9c629f26f8563a72eac95cb0744bc

SHA1
484bca13532678133dc14a668c580be2c1346526

SHA256
3ae576bfa96d7cf6614c8c97290c7abe03191a8ceb0c837a21e7ffe70d66ca62

SHA512
b4cdaa3a5a46ef368e9138c9874aa1173b466bc660d5bbbd13fc3f10f509cda9af151a2667ecd079935d60992b1436f6d5843ced5a063769e19e67f84c402af9

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\fonts\Open-Sans\opensans-regular-webfont.ttf
Filesize
99KB

MD5
45d9f4020b92be6de67ff22b671c3e2f

SHA1
60e9c9ca7b14b173046c3de2dfcccb225207ffd7

SHA256
a3d775a1ef0ef8b7456feb404de74b7c960eacaf65e8e17b135f2e482441a892

SHA512
44d86de447a52b77b7f1119132099c58150b6e7d3aa339a3256eac616241c7811ed524db77f3c1269079f9db5a6b372b67d11d30b76166061a070d55f2d79162

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\fonts\ProximaNova\proxima_nova_light-webfont.eot
Filesize
61KB

MD5
ee9163c34f600221169f8ff531e97182

SHA1
57f0b2c837c94f2a0df47ee62b4639fd6426bfa0

SHA256
53f30a622db68cebe92dbd384cc292aef13ad7e3349a10a77c29326e10634c21

SHA512
d51e2a5f6df706eaa2c5ffa071a9a9c08e58a30b4af64a1ccbe81f8e9c38f20429df665cabaf295129490afc639b7e19c0fced428610a284a17899c3290904cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\fonts\ProximaNova\proxima_nova_light-webfont.ttf
Filesize
61KB

MD5
1bbe13b77bc82ce6f95fa4fbba53ca00

SHA1
ddd8d67742a83294c77c405a5ff896bf1651f018

SHA256
e2a2faa64fbfabac156a99961a7afbd5e1b5c8d2aaea8e79c5076652587d0a3e

SHA512
0ee4cbefac0ffb55a9ed69f0bf4ecff7f9a7c3a7f6ed918d7802e14ca115411460a0ad4ef2321cdb17c33a90a92d279739c8953c728af38dbb20e63f6c39bf87

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\fonts\ProximaNova\proxima_nova_light-webfont.woff
Filesize
27KB

MD5
1970f82adb3619e3ab4e83e81881e2c5

SHA1
59063eb3ed9be781e680ce88b374857b875d90e0

SHA256
49fa230fc49401a83dd324d4834a1e6844c8d176bd888c522456e178ba038e28

SHA512
1f4b70165ac7a048ef8b6d061fbdb8aba9c54c6bdd8ebdf0f09f17a46ee3c904322b8785caf5ab320536ea4fa9f635e16d7b58da99ef38c1664153ec2380343b

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\icons-checkbox.css
Filesize
444B

MD5
3be98220035017d9b818f3cc94f87587

SHA1
bc07f11d0a59f942ac942dba02214a7041ad6e3a

SHA256
cb134dcb95a407795c671a512c389894d3525fba3f6a2168fc5b9b7e875e78dc

SHA512
d2e7d57cb7b7e771c82c75a04fbfb86ebecbb409ecf2c5666aeaa99695474a7985e3367f6a5b3d4ac59f775f60fb084efa9bdda99ce3c077df2690a5f0a6b1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\icons.css
Filesize
509B

MD5
ebae852f3327fdaf3e2fc2bf1cdecb8f

SHA1
f9753fe176069974fc9bce49eae877745282e183

SHA256
b5f111103f7f090c246a223b1ff497b94c4dd3ac64bf5b3fb2d91555fcfd6f2c

SHA512
bf8e7c5db7a1eacd4344d5facfee1cd66e883389b53bc28e4e387cdb67ea40ee26266ba4282e50eb50a7bc3c810d9fdbb50792a46135761b2e8ce52ddc9e394a

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\normalize.min.css
Filesize
1KB

MD5
e8908cf9cb9504b285327d240187f53b

SHA1
20eadf1695eb38bcd92d1706de5335db61b96502

SHA256
86235e2c477078adfe1188d07ca1e5d8198443aaf2436de1785a169f3e1d5463

SHA512
9c828e8942d40da89f33d1db459a7fc12621660331bef307df8649e89758e76b044bf97a2cd36d656915e19a8b04f571cdb61d7cb6f926a3ba151ee67bbcdc4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\open-sans.css
Filesize
1KB

MD5
9ed298542b45ef98492e159f68e89f48

SHA1
c4521d9a5dff8a71804c40a909378e8eb5bd66c2

SHA256
b9bd51ae6ccc7df20417e0ef341295b86bf8f74f6e235ee99ddefd675806f47f

SHA512
1c7d5b378d6c627fbbef864035b157c3e7647b699a50d64f6ebf22faac38bf774e0c025bc8dd4ecc9bde7b377b729bc89bf6fbac4d2409240e2d03753cfe680e

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\proximanova.css
Filesize
2KB

MD5
487b553f5f73b30b8d565df02b4103cc

SHA1
6defcf202ce7a04f2bea8aaac8bb01ed44407fa5

SHA256
931071422410d73d9d7d3583745e476eac23c0cac5fbe344f8436499ee40ac46

SHA512
5a94da5d685f6e74f6576c179b8b65b719727163afebf24557b5f23718a8c034f5e2782ff33021c4d029abaa7cdf464ad0a49cce0602b31191b3b6b642bda9ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\roboto.css
Filesize
1001B

MD5
f5f5b5e4955262430e7b496247425d2d

SHA1
d4bea186a0d525ce3060e8dd7901311ae4a0735a

SHA256
2537efe2fb974f58cddbc99abfcd7aed6e9df81992eed3e528b5f1748167b8fa

SHA512
16a7ec3d95ed773a0a1ce2c2dc4430677106f0d1042e34cb39ed48f4a495f637ec3eefad05a4ebbddbea71a67e933fa0b56e6beef69700c6e3ac9cda9c17e7ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\style.css
Filesize
14KB

MD5
2f4fe7647aa460b8984556a25a74c234

SHA1
8fb2a5135e61a034ecdfef279e92078a7b463123

SHA256
3f8ec31a3c08de6c1aac117347b1b83f391bb0a91c9dbdc57ba9d11d5ba372d5

SHA512
bad4c1419e302f8e5a84c28fb0862dc56167a7353cc5420d8226883203fe03eca7ec8a9f554cfee560523e9ef292cc38200bce6015c80a428ce4c05222be3a58

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\drp.css
Filesize
189KB

MD5
8c94686f894ec0bc66670840c3f62998

SHA1
406c471cb75a574848c0502109e68daf8442b49e

SHA256
68f09ef8144c09433c19d0d139fde1eda7f0a9b69be828e90410bb51c49cc030

SHA512
183ab09f8c5a07c7833bb4b896bea485f929907d6a4ff6746c52b8c8ea8ae4d7ce6dc985a391c605d41d580ad71818afd404a9ddb747963672f69ef49bd85d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\drp.js
Filesize
3.7MB

MD5
a7af01062ea3c1687b11930f26a6d9e8

SHA1
b6f418996e5f6c3d7de04b621b78de15dce20a35

SHA256
c0ae6134f693b80d71ece89965cde42c819e815c7218d54fcfad0372a62dec21

SHA512
8d0e40bb128bbb1f01ce38295c4c673884a7f07aef543bb39372fb91f1ab9f20c60dec974cb97beb5a58abecd7b6d137f80631c5ca39831e2b59659704634b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\img\device-class\new-ui\wifi.png
Filesize
1KB

MD5
0b1670795f66ee2a2dbc06e50b513b0a

SHA1
4aa76292ede49e98596f5dc113b0ee50af1cd6b3

SHA256
4da7ccf08d94f78c5e45554f8998c0e5f6d0a07b8a3a9e4b109543db6bc9ba43

SHA512
d96c37b78d05051d50f165ceee27ad1b81307cafdcaf73900ac22c153442209db23ea58804fd95d14a34c5de5e35da63710021f5ed144486cfb5fc9469301b1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\img\installation\banner_catalog-bg-ru.jpg
Filesize
74KB

MD5
fc675ccc770f9459495f4c5f5f0e5495

SHA1
483f47962fd59937ef8d7e49a713d0fb6997dc3e

SHA256
1fbb1510ae2f6db083cddf7c0f16364d5f5d2938737a297556c268c039a28165

SHA512
65015dd2f41b5e50eddfd9615882061b3e7897005587996e5e009daa62ac6164c4f3444ec3da8fa15ebb07f5fde25f699cdd85f0a9ed7f33a1225240efb1fde9

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\img\installation\drivers\DP_Touchpad.png
Filesize
888B

MD5
e9c35a488b41ffa9645c0592b13c8c15

SHA1
f54aefb44fe34cceae28a808c270fe8f670b922f

SHA256
025e7e8699fd9c246452c6634d4935149baa6a6acadb91b0f9adf52d11a094f9

SHA512
33ab1cace6ff121a34d262855219cfaf22c4e3b94eeacabfd3ee290784c261885a270aec9354d639ccd9bbcba3eeb658554ae440373c43cc8cc35313f7867485

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\img\screens\new-ui-logo2021.png
Filesize
5KB

MD5
ed623a69120325b464bc149ba5829465

SHA1
17ba0cbe9a7297824d8792becae98d8853c56af6

SHA256
a11af07103005c27c0a5f721d99482e4700c21c85afcbc8e44e4e785af5fa902

SHA512
fc18cde812cd2ac9e8f835971f4226092213737220e70e095bc5186042c061bf335501b098966c34a8c55610afea626061856740532166ea26c71c018b6059e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\run.hta
Filesize
2KB

MD5
6bcab16cd99663b1093d10f827ca0323

SHA1
47b2d7f33da12d88095379fc8ea5bb7114ce75e9

SHA256
02bd627d6825599ed039f053fecbe7f15000b5d5071e9b6baab488befa4f02dd

SHA512
67c23c1f3e8023001336ff7fc9c9052220f2ab67df280ef269b0239d67dfc67e6783dda44dec747ba6689c239d7efdb55262d098868e43ab70a055429349210e

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\start.bat
Filesize
90B

MD5
f66f13d4770eb90e6d81222fe3525a3f

SHA1
f21bc06a179c108d13c783600b98ea0641076127

SHA256
88ebe6fc9f45e734243dd674a3cdd9222be692bde089d0bc06726dd32156b892

SHA512
3f321a339dee086f474d5ac9e8b247805d070b6c0ab5f9d85c5f1075021a3eb7ae23ab2b577000adc30ad32e66a1e291993f435f8539bb0032a1aca038e1f1b2

Download Submit