bf0a5efb3d84fa52938ccf45d84483386606204b4f6473cb9030b53baf7b1ba4

Analysis

max time kernel
484s
max time network
1164s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
26-07-2024 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

beetle-cab/start.cmd
Size

86B
MD5

232ebf167ea35163ea69a1570be7b03e
SHA1

b8bc8c8b3f9ebf83ec43244a934389bd98849a0a
SHA256

030ee398e53caf0928e757162f3c7be7d593a59dde2795991ec7e4fd8e71f2e3
SHA512

efe7d716b4c2553b1dc295271b1bb32fccf12e2b64e6de7adbf5f8284bdee1c3a92b5a227c46a6bff6c1298d2e7319b73b7a75651710cad84564f0c4ec4c917f

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

cmd.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation cmd.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	cmd.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

mshta.exe7za.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7za.exe

Modifies registry class 1 IoCs

Processes:

cmd.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings cmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings	cmd.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

7za.exe

description	pid	process
Token: SeRestorePrivilege	3128	7za.exe
Token: 35	3128	7za.exe
Token: SeSecurityPrivilege	3128	7za.exe
Token: SeSecurityPrivilege	3128	7za.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 3596 wrote to memory of 3128	3596	cmd.exe	7za.exe
PID 3596 wrote to memory of 3128	3596	cmd.exe	7za.exe
PID 3596 wrote to memory of 3128	3596	cmd.exe	7za.exe
PID 3596 wrote to memory of 5020	3596	cmd.exe	mshta.exe
PID 3596 wrote to memory of 5020	3596	cmd.exe	mshta.exe
PID 3596 wrote to memory of 5020	3596	cmd.exe	mshta.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\beetle-cab\start.cmd"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3596

C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe
7za.exe x -y -aoa -pbeetle arc.7z -oext
2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3128

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\run.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} --sfx
2⤵
- System Location Discovery: System Language Discovery
PID:5020

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\DriverPackSolution.html
Filesize
4KB

MD5
203ac1542d8e93edbbc80f7b59db5c44

SHA1
ba66db0e746bc550ea860f4023c3cb5c72140ba5

SHA256
8892e63141854bcf4bb1452abef68dd2c348c59322d697ef11a7ab7c5e3c4aea

SHA512
53cb5ad72c66e62d9285c318b606a9819053de729fa18ea72e80a7f09b333cc7868b455048660397086fa80a13ca745e42a6dc22df63d059076befca178a8a95

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\audio\ru\STORIES-adout-8.mp3
Filesize
17KB

MD5
9bfcf4abe7aa3603fdf1e37bbd9908ed

SHA1
7fc9cbe58273939ea9dd04463ca2ccfaf913658d

SHA256
c2f79a0267df7d522b13e49b406f74892cc6744b88204449387a335cf525550d

SHA512
61fc30694f6a12d03fc95fa537d771ee7d6467c8c457eada43062c036e5347637f0461890e8fbae5f476eee1ea74b152adfc7b1617118ede74c43cf36edbd633

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\config.js
Filesize
3KB

MD5
31009d2efb710925bf7f308af59c629b

SHA1
5215c77b1719d0974dc529b523b758ef85dbebd4

SHA256
18f86ef3fad86c97d56274e5577b178a77f40587a80451a971013248e37190a6

SHA512
44129d626970c101df41a0bc94ff6120a1034077628da968d9c772fa6125d1f11478480cec7086dfd1625c8fc07820202a711a5598ea131b7742b31211a3f394

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\custom-control.css
Filesize
10KB

MD5
f7f8703ada2176dc144343a2c2acb1cd

SHA1
091334a48056a8baafff0cd672232de1c1f6c838

SHA256
7d7853e95258a7a3f8eaf41795f7124e7d2dacdeb5f1efe212b3ff7ed0da9e50

SHA512
27d46472c06103e0bdd9d40149804c16f469305752c3a6d8473c2f2ab22b2c8fa5d65d61dda7c617a3f12d8526b56a10320b8683f31d210ac2185fd0daed8e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\icons-checkbox.css
Filesize
444B

MD5
3be98220035017d9b818f3cc94f87587

SHA1
bc07f11d0a59f942ac942dba02214a7041ad6e3a

SHA256
cb134dcb95a407795c671a512c389894d3525fba3f6a2168fc5b9b7e875e78dc

SHA512
d2e7d57cb7b7e771c82c75a04fbfb86ebecbb409ecf2c5666aeaa99695474a7985e3367f6a5b3d4ac59f775f60fb084efa9bdda99ce3c077df2690a5f0a6b1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\icons.css
Filesize
509B

MD5
ebae852f3327fdaf3e2fc2bf1cdecb8f

SHA1
f9753fe176069974fc9bce49eae877745282e183

SHA256
b5f111103f7f090c246a223b1ff497b94c4dd3ac64bf5b3fb2d91555fcfd6f2c

SHA512
bf8e7c5db7a1eacd4344d5facfee1cd66e883389b53bc28e4e387cdb67ea40ee26266ba4282e50eb50a7bc3c810d9fdbb50792a46135761b2e8ce52ddc9e394a

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\normalize.min.css
Filesize
1KB

MD5
e8908cf9cb9504b285327d240187f53b

SHA1
20eadf1695eb38bcd92d1706de5335db61b96502

SHA256
86235e2c477078adfe1188d07ca1e5d8198443aaf2436de1785a169f3e1d5463

SHA512
9c828e8942d40da89f33d1db459a7fc12621660331bef307df8649e89758e76b044bf97a2cd36d656915e19a8b04f571cdb61d7cb6f926a3ba151ee67bbcdc4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\open-sans.css
Filesize
1KB

MD5
9ed298542b45ef98492e159f68e89f48

SHA1
c4521d9a5dff8a71804c40a909378e8eb5bd66c2

SHA256
b9bd51ae6ccc7df20417e0ef341295b86bf8f74f6e235ee99ddefd675806f47f

SHA512
1c7d5b378d6c627fbbef864035b157c3e7647b699a50d64f6ebf22faac38bf774e0c025bc8dd4ecc9bde7b377b729bc89bf6fbac4d2409240e2d03753cfe680e

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\proximanova.css
Filesize
2KB

MD5
487b553f5f73b30b8d565df02b4103cc

SHA1
6defcf202ce7a04f2bea8aaac8bb01ed44407fa5

SHA256
931071422410d73d9d7d3583745e476eac23c0cac5fbe344f8436499ee40ac46

SHA512
5a94da5d685f6e74f6576c179b8b65b719727163afebf24557b5f23718a8c034f5e2782ff33021c4d029abaa7cdf464ad0a49cce0602b31191b3b6b642bda9ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\roboto.css
Filesize
1001B

MD5
f5f5b5e4955262430e7b496247425d2d

SHA1
d4bea186a0d525ce3060e8dd7901311ae4a0735a

SHA256
2537efe2fb974f58cddbc99abfcd7aed6e9df81992eed3e528b5f1748167b8fa

SHA512
16a7ec3d95ed773a0a1ce2c2dc4430677106f0d1042e34cb39ed48f4a495f637ec3eefad05a4ebbddbea71a67e933fa0b56e6beef69700c6e3ac9cda9c17e7ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\css\style.css
Filesize
14KB

MD5
2f4fe7647aa460b8984556a25a74c234

SHA1
8fb2a5135e61a034ecdfef279e92078a7b463123

SHA256
3f8ec31a3c08de6c1aac117347b1b83f391bb0a91c9dbdc57ba9d11d5ba372d5

SHA512
bad4c1419e302f8e5a84c28fb0862dc56167a7353cc5420d8226883203fe03eca7ec8a9f554cfee560523e9ef292cc38200bce6015c80a428ce4c05222be3a58

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\drp.css
Filesize
189KB

MD5
8c94686f894ec0bc66670840c3f62998

SHA1
406c471cb75a574848c0502109e68daf8442b49e

SHA256
68f09ef8144c09433c19d0d139fde1eda7f0a9b69be828e90410bb51c49cc030

SHA512
183ab09f8c5a07c7833bb4b896bea485f929907d6a4ff6746c52b8c8ea8ae4d7ce6dc985a391c605d41d580ad71818afd404a9ddb747963672f69ef49bd85d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\drp.js
Filesize
3.7MB

MD5
a7af01062ea3c1687b11930f26a6d9e8

SHA1
b6f418996e5f6c3d7de04b621b78de15dce20a35

SHA256
c0ae6134f693b80d71ece89965cde42c819e815c7218d54fcfad0372a62dec21

SHA512
8d0e40bb128bbb1f01ce38295c4c673884a7f07aef543bb39372fb91f1ab9f20c60dec974cb97beb5a58abecd7b6d137f80631c5ca39831e2b59659704634b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\img\device-class\new-ui\wifi.png
Filesize
1KB

MD5
0b1670795f66ee2a2dbc06e50b513b0a

SHA1
4aa76292ede49e98596f5dc113b0ee50af1cd6b3

SHA256
4da7ccf08d94f78c5e45554f8998c0e5f6d0a07b8a3a9e4b109543db6bc9ba43

SHA512
d96c37b78d05051d50f165ceee27ad1b81307cafdcaf73900ac22c153442209db23ea58804fd95d14a34c5de5e35da63710021f5ed144486cfb5fc9469301b1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\img\installation\banner_catalog-bg-ru.jpg
Filesize
74KB

MD5
fc675ccc770f9459495f4c5f5f0e5495

SHA1
483f47962fd59937ef8d7e49a713d0fb6997dc3e

SHA256
1fbb1510ae2f6db083cddf7c0f16364d5f5d2938737a297556c268c039a28165

SHA512
65015dd2f41b5e50eddfd9615882061b3e7897005587996e5e009daa62ac6164c4f3444ec3da8fa15ebb07f5fde25f699cdd85f0a9ed7f33a1225240efb1fde9

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\img\installation\drivers\DP_Touchpad.png
Filesize
888B

MD5
e9c35a488b41ffa9645c0592b13c8c15

SHA1
f54aefb44fe34cceae28a808c270fe8f670b922f

SHA256
025e7e8699fd9c246452c6634d4935149baa6a6acadb91b0f9adf52d11a094f9

SHA512
33ab1cace6ff121a34d262855219cfaf22c4e3b94eeacabfd3ee290784c261885a270aec9354d639ccd9bbcba3eeb658554ae440373c43cc8cc35313f7867485

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\run.hta
Filesize
2KB

MD5
6bcab16cd99663b1093d10f827ca0323

SHA1
47b2d7f33da12d88095379fc8ea5bb7114ce75e9

SHA256
02bd627d6825599ed039f053fecbe7f15000b5d5071e9b6baab488befa4f02dd

SHA512
67c23c1f3e8023001336ff7fc9c9052220f2ab67df280ef269b0239d67dfc67e6783dda44dec747ba6689c239d7efdb55262d098868e43ab70a055429349210e

Download Submit
C:\Users\Admin\AppData\Local\Temp\beetle-cab\ext\start.bat
Filesize
90B

MD5
f66f13d4770eb90e6d81222fe3525a3f

SHA1
f21bc06a179c108d13c783600b98ea0641076127

SHA256
88ebe6fc9f45e734243dd674a3cdd9222be692bde089d0bc06726dd32156b892

SHA512
3f321a339dee086f474d5ac9e8b247805d070b6c0ab5f9d85c5f1075021a3eb7ae23ab2b577000adc30ad32e66a1e291993f435f8539bb0032a1aca038e1f1b2

Download Submit