Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 03/07/2024, 19:56
Static task: static1
Behavioral task: behavioral1
  Sample: beelyk.torrent
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: beelyk.torrent
  Resource: win10v2004-20240611-en
General
Target: beelyk.torrent
Size: 110B
MD5: 2f0c89ca994326968406f1921e505350
SHA1: fdfb093baeb7a48848b5476934c2ac9f0f81b680
SHA256: 43006c85c7f69e9d1f8842a1597a7287b1d3a5654e49b0e9eff754b6241ad867
SHA512: be7f79e108d0fa9b5091e761216e465aba158e027aada36ba54bd714246247a976b93b2c5bf86fbd9a534505f3d290727ddec09563b0a9ce4904e13c82a35d46
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Modifies registry class (9 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\.torrent | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\torrent_auto_file\shell\Read | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\torrent_auto_file\shell\Read\command | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_Classes\Local Settings | rundll32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\torrent_auto_file\ | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\torrent_auto_file\shell | rundll32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\torrent_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | rundll32.exe
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\torrent_auto_file | rundll32.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\.torrent\ = "torrent_auto_file" | rundll32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid | Process
2620 | AcroRd32.exe
2620 | AcroRd32.exe
2620 | AcroRd32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2984 wrote to memory of 1276 | 2984 | cmd.exe | 29
PID 2984 wrote to memory of 1276 | 2984 | cmd.exe | 29
PID 2984 wrote to memory of 1276 | 2984 | cmd.exe | 29
PID 1276 wrote to memory of 2620 | 1276 | rundll32.exe | 30
PID 1276 wrote to memory of 2620 | 1276 | rundll32.exe | 30
PID 1276 wrote to memory of 2620 | 1276 | rundll32.exe | 30
PID 1276 wrote to memory of 2620 | 1276 | rundll32.exe | 30
Processes
C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\beelyk.torrent
  PID: 2984
  - Suspicious use of WriteProcessMemory
  C:\Windows\system32\rundll32.exe
    Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\beelyk.torrent
    PID: 1276
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
      Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\beelyk.torrent"
      PID: 2620
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: e585cd1e4d123632693d3c5fb25418d1
SHA1: ce2b483de16428f9f38e469871d8d48338e0b9c7
SHA256: a3ad78f306aed75b0d9e0952b04302a48e73c868b2f3685a16478d863b73a4b8
SHA512: 27b2a6cdd93ac3cd20225e2e4280febfd2ed7a15a0166fbf47c47b731300d17741a7c8d8dcdddd95807d4825669d4f3fd8b0d852b969fa31c5de9fc056af5b54