Analysis
-
max time kernel
150s -
max time network
137s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
28-06-2024 15:38
General
-
Target
Beatware.Internal.v1.7.exe
-
Size
8.3MB
-
MD5
1fbd8db9291a9ee4622ee2accc493ba0
-
SHA1
66cdda6c2789202f6c5f92a4e9bb970f3e095a9d
-
SHA256
9fffea08116948a80151baf5271b5ba94d54e11d4c9aa7315591626d11ac0242
-
SHA512
744f62ebc60cbe7c9f23c64e5e98c5309b673a8ff2b6c743bc4c27655efcdb43ea68474d6f39160adf74baf65c5036f8ea17b73038fb6ddd04698b5b1cdcccc5
-
SSDEEP
98304:mn2ihaZdUjS6fzR1vQ6cbrgsihQ4xbNs8kwzXRuLHJD1UQ17VOhKMVtOwwMltcc:O2i0IV7RtQhihDbNs8VRORSQsKM3Hwf
Malware Config
Signatures
-
VMProtect packed file 3 IoCs
Detects executables packed with VMProtect commercial packer.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 31 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe"C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe" MD5 | find /i /v "md5" | find /i /v "certutil"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\certutil.execertutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe" MD53⤵
-
C:\Windows\system32\find.exefind /i /v "md5"3⤵
-
C:\Windows\system32\find.exefind /i /v "certutil"3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://beatware.xyz/discord2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD53f5bf914fe5f2a6196abff1847a5803f
SHA18d23ea3bff408dedc269793049b819c0d9027349
SHA256dcc027d5f79655ed2fde60e8e114bd094c77caabe260848a7127d7c413c8ecc7
SHA51271409925d44342274be5461ea19daaa5719ad9601e98351a8b1a24b23c194585400bba3951638dafa5fff538f2aed70b155679662ba476b25e7b4329b27c3939
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD549390830f85e4a636729383492218a9c
SHA12d0097d90a5cfc8d27b2e5a1a7de641218f0811c
SHA25615f3114b4e55aa54e73a5e0c150568c7f5efacfd6d385606adbcd629815532d9
SHA512af20acbc14479341939f012920ca1c5fe384d6446af98f1a64b5f7a5d8eb4fe6a4213d090aaadf9daf274b3c9a60bef477c8790662a75b8d78c13c4384778248
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD56526962f3d0e3f93bbfa187ad3e17e77
SHA1b60c1b54390a5baf365d038ef66221eabf542366
SHA25676b735d58c091f6b8c28002171896663339310175719652f073112723db3e76b
SHA51208a4a7d37e0b76575682ba263edc274c12c53f3ccb7a56ae8458b98331ab632754cb27fe599f5d26ba8f8b03ae8f94da5952875c3c4134acfef347e68573f80d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5622eb5a13b7490770c33182499cd78a4
SHA1751f4d4a865b528ec3fde7029eb539c6208402bb
SHA2566eb354e086a4d6ddc42970982020266a094ecfb68422dcb253fc7934ffe323c1
SHA51288a07914df883900d5cbb2ae115d70f1c050062f2debdf41cf0035d3526b7fa0c5faeeb3fe5272b9fb820f3ef848e6173e8630c9d01aa3e34f55d22a7f41e7f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD52a61f0e36a823fff0c6d75dc0d95f4de
SHA18972417f8727c77dab41bd4b2c20b5f6d3f26255
SHA25690b2d28df6ba5418acb6531641c429a49829d73a85dd2ed1fbc500bb8cf03fdf
SHA512d2e73caf1b8d578bf7dc262ee68a057cf169d4861ffd9a6fdea28edbfef45d077ebaeb9935ba62f21f94098c741e805e80463ce494d2c6104e1ae27cceb14b6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5fa0681a69606933ae4cc0ec8e6da4acc
SHA176afea7ad9d71da41a8bd6a24325f6adf50ff98b
SHA256cd3d12b5e9f42e58b94718fd1c2519a336eee3e93f14cc96894866837c52dfe6
SHA512853451242cac59968ab6c5a96ad43f957ab841570d8089a11b84737d4b4829dc2d3a0fc4bd38d6c7d60610a5b896ae14e5921e5209ddfda3f2246dd600a732fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD55739420e7b9928227739d5167c28b4c5
SHA1dcdf582e26cf1a221f707eaa6e2f14f2849e1d49
SHA256a875e004f05e0c0dade3c0d68491a9c597305b4b4f39bb8e26c3058dc5e6c7d8
SHA512959c53c0235a4a225f8d8a4b9e4fa2fb81753e559eb638b459fa614184dd31921fc4cb1bc52d9807c3da5d05b44d7df581c11a19bdcf867c6e73f093a87b9f54
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5b4bbec2c0d32eb3abeb0fc4e415e8ebc
SHA16aac7b6ee36fec1325cf8731b456eb9cbcd4f29d
SHA256d990ce5badbf022f2ad61b13f31ee9274d3930ef18bd21d377c2f7b375ba0b1c
SHA512270f8411a83b6ae6be0c8ff6e720f46224231615ffd513785ea83f0b444cee12450f898422eebc938489e4bcb5b770e7093c658336412f1f6e93e1896ad2319c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5d6b6625371cf9637d25779fb16b6c981
SHA1c4312f8043fdcfd2137e3e643f5824aaa69141cf
SHA25663aaceaacf1a448610ea5c08df5cdfb23b58b90e4a1790258c7f8259cf2bb719
SHA512aaca266a5c34d690423c49c68b439805ef9727600e16b1dfecdf1ec893ec04c0d18043b34e771706b032a4ae2e70dacc146d4e905dcf4b7b2f2a75ef763d1057
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD58a89af6449e37fe401f6e254abc5d5cf
SHA1d571cf070bfc9db3f4b63b2f6e707d53ecb22b89
SHA256b108f88df1158943ee017f5a3f9bb76c6869020301132c2bb184e4bf7f0fd86f
SHA512e858c25fcc1506688072243b257add6638abdf5782c2340109455a1509532f35d48f2236caa184735f6638d6f0efe2d55fc3ce3bd327fcb3f0124711bcfb2ab7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD508b56d2de57c496aa4d6cda66f38f746
SHA19bc1229dc7dc8253483fe813a7c42c7055808287
SHA25635eb55c132d52c87273d25e79cd72191e5e46a8e303507eebb98cabe9bf64f6f
SHA5125416a3e1b12283d7c9c226e93829e61f1e880f10f7dacd1cf7b6be606b11219b98c314329d0d1f8f27972f4c5871f07dfe895ea4696b899f42d5330596d32867
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD51f63a6d3db080956e23a56dedf78a216
SHA14053b7ec733e31b397ddef23195acd2f08f8078f
SHA2566dfb7ee829a318975bfc99656ee1303d53dbe246f216f84dc85e204162de9869
SHA512bbb6eb21a288eacdd6b7f17c738102b33f5c3b88e0e597603a34ac40cac8947342b5705b5f5a5af5ec26b1766eb067b74f9bdebb8c11442a882a2d6878c9419d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5bb10882de9c0b5ea11a17fd010caa33a
SHA13f12f5db0d09a1abc6678fac8092a60b1774ca0d
SHA25679c3dd19a5789bc59126e61bf87cda0b7d6e0b4b136dd00b275c07b2649218a2
SHA5129a1cb51cdbe704e8fbf4fc3037cdbeacd085c79966c5527d8192d67107f1be5cb067e79a85830cd5c65fdbe2a2fcbdb0330410fc3803db48fede64c5d7606b31
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD58ae58561768f5a3c6ade8194d5f16bc4
SHA196f987bd82cc96d0aa626ea5f6eea3fc599b7cc1
SHA256d9696d97c6ac6ee14b558d2aff5f7c64a8b41c68ff5e565a77e8cb7defba6c55
SHA512724a81b3e8f1f54cdeb1bb79b9e6c60dce33803d52e8ce09224edc6c262f69da007d4750bbadc5d2a434dd92b9ea850aaa400f6a775c3972048197eebd18cef7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5b8c789d01d62091a8963858a90aab85b
SHA1c6680bdc86345cf63e7a747150c0807052570312
SHA256201751ce899fa5064591092d3a7483a6cc0fe894e4944f1f1975ab6f43f9bca5
SHA512458a11d332247502293f95805ff6aa1dbe5bf779a41a12081992812d13719d37036c89091897f4d2174f50800d4c84499b8cbf9e3059027c70ecb36aa9624b0e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD506a688b48b96b5a7c28ea1f4d413c928
SHA13df55d949e9fef02784b54f474735d2d9ad7c044
SHA2566c1638919322ec1b696b517bb12a0974076b9a6dd5d55f8a6dccc3fe53c77b7a
SHA512e54a5b636c589bd39beb2d7f876bb6c93d5c6b40c0e42d26898806051a3b0271e1843b29f9c81473ad315a7a243ba4b89194406da2b28df63c3e156f5058eca9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD50f399156fe346b34a2bc3eda721f6666
SHA12d39fb255070766e14beec4df4cf3e3ac4ff4936
SHA25608b8a47e19cda0b53cc71375066acfef73d06f6871ef953a2ca1cda3dcd60f57
SHA5120a52d297af4f30d7a69515806d468d5b29a0a5c83bb20b0dea842255459703bc8e7344bb21860be235ef82679b9d566ebbbdc219cb588f603af4c6e2377501df
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5c95f7af679ef630b667e4b997d8536f0
SHA11cb380142cd701918beb0c27dbb72f30e0f39fdf
SHA256773440ab1212e690b97039e4733ece2c4460dc6337cc6ea89e198e9ffbc6bad3
SHA512c633e0cf6608a3baf14eb826d8a677755720edbdc4d6348a21669c3e070db5ba01bc769a09e599e534a7e78bb0237595c1a7eb14c91fa140ab528ea50a954bce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5fd6ff4777640a35d8a786e0477372a47
SHA15d7f1ec5dd9662fc67114a4b6838e0fc032bf936
SHA256cf62cb1c48b1d2ae52145019ce81080387db0746ee8a74774bf3bfb689e22058
SHA5125072061e38306df2b94c647e775ea6427377cbab3f4db3b1541089a1ff918620d88d2f88d9276b4991afe4415c7a385be5f3b683ccf5b2ba71632ab704ed0fc8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD56753c74f9895dd23410488e01ca86b82
SHA1c54d60a2ad25cc92cfa566123fa16730705c24e8
SHA2567c516786d067d1ee89edadfc1d6d0054c090f75634011fc46bb9377565b8ccc5
SHA51234bef0e2b4962c6d130a6259448362cdcd7dd5a85c0d885e5eb753b7d5beab2e506f1b3f71b496f65c236a3e1a178adcf33bf33aefce8c662bbbc2eeab7cc054
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5c9c1f58b085b652806560a9d3e97cd42
SHA1a25c082c63d59dbf9645edfac4da0383c22731e1
SHA256dd1c84185b5e8d49f3322a1c0161a61f810506e53ca085098ed12cb69d694cad
SHA51246fd23d268229a321493a57b2a58a62adfa99131b4c1729d868bf7400fa9e97e9e7aedbdfeb5789aa8e3a0b7e4f5b40e92cb1b74632779a6ca26671d29698442
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD57dc57e7358624da3bd73743547ed4f2c
SHA1b66e0c0f1854c7dff310e99f6ba04448485301c3
SHA256a0a7ca08ffab2bc821b1ca75c7e0f20061ecadedc3ec7afd472ee8d231e68ef0
SHA5121a5d6b11f969217b4451bdfc4b819f4452c07632636893fce3f63d19b4adb4ffbebc7d1ba431c9cde7b7fee9e6f3c22470da06fbf9b122fabd3629e945a9fb19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD58f42e89a0957a56d6c83ff3ed344cf32
SHA1cad3d45aca77569cc38e6bbb4e0d742b86266291
SHA2561f576a4493da1893f1af991a55f683872e6df3756c9307ad0610bfb04a9b112e
SHA512e520faa61bf9eb405588b1aa34e24e4b05a141f0801396bf15e5b1b6447eb84510c9e45aa22b1e07a27def115c4d3eac489c3a879e4b722331cdc2536e57b82f
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c70czm7\imagestore.datFilesize
24KB
MD54fee1d7c60efdda81b05ebc86ff5df2b
SHA13891cfd8507d1751950b1401437d87d91b31c8bd
SHA25650f97325df1cad5fea8e25fb6ee496fc5f7c1650fa03b46dd7cf8a8f5806de5f
SHA512cac28d772bd4d5a8654f45eaf095c507016df18b9dee0ad7b047b8a1774c8a94900f1f3a72f426328619cc0a417ae346403d5764140db19e07e1d71154f58484
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\favicon[1].icoFilesize
23KB
MD5ec2c34cadd4b5f4594415127380a85e6
SHA1e7e129270da0153510ef04a148d08702b980b679
SHA256128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
SHA512c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\favicon[1].htmFilesize
16KB
MD5011e81dfa695f67680f7b8190e9ab008
SHA195971340b232699ae3bfa505cf5763b6afcff253
SHA2560c6ee91de583298df3e6ab98aef857ba19c669e9adb5c80427c97971afcc37ee
SHA512a14b35299001aad2d4eab68ad0bc78b31a72081781d0f29d961e7d98e637dc5f90c0ae472ec5b107cb64ba0092a0fe334ae0099401d671f55016e4963757e59b
-
C:\Users\Admin\AppData\Local\Temp\Cab84BC.tmpFilesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\Local\Temp\Tar8867.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
memory/2176-8-0x0000000140035000-0x000000014039E000-memory.dmpFilesize
3.4MB
-
memory/2176-4-0x00000000776D0000-0x00000000776D2000-memory.dmpFilesize
8KB
-
memory/2176-694-0x000000013FFA0000-0x000000014091B000-memory.dmpFilesize
9.5MB
-
memory/2176-693-0x0000000140035000-0x000000014039E000-memory.dmpFilesize
3.4MB
-
memory/2176-2-0x00000000776D0000-0x00000000776D2000-memory.dmpFilesize
8KB
-
memory/2176-0-0x00000000776D0000-0x00000000776D2000-memory.dmpFilesize
8KB
-
memory/2176-10-0x000000013FFA0000-0x000000014091B000-memory.dmpFilesize
9.5MB
-
memory/2176-5-0x000000013FFA0000-0x000000014091B000-memory.dmpFilesize
9.5MB