a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02/02/2024, 13:33

Target

a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe
Size

4.2MB
MD5

8eb97cb828d889d343b95bff255ed53a
SHA1

26956555d5dfc790f87ec7c357b651110e8479bc
SHA256

a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155
SHA512

e7b9c35f443009f414705123eeff795b2e02562789bf0159e68988f8ab20dba9f2e7dadd4566412fab8dc8c7d05e7458f90ea84d043e0ed5d3877714ab6aaf1a
SSDEEP

49152:SWbawF7Ou70iuPgK+zukgeC2kYfnHk2hZlBig5/DHWsBa0LI4TUpHRIDbSi6oUlB:p7OuCPiukgOfH1LI4TOmXC

Score

7^/10

Executes dropped EXE 3 IoCs

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\beegoserverhelper.exe	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2660	sc.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 3044	2548	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	29
PID 2548 wrote to memory of 3044	2548	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	29
PID 2548 wrote to memory of 3044	2548	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	29
PID 2548 wrote to memory of 3044	2548	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	29
PID 2548 wrote to memory of 3008	2548	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	30
PID 2548 wrote to memory of 3008	2548	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	30
PID 2548 wrote to memory of 3008	2548	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	30
PID 2548 wrote to memory of 3008	2548	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	30
PID 2548 wrote to memory of 2660	2548	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	32
PID 2548 wrote to memory of 2660	2548	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	32
PID 2548 wrote to memory of 2660	2548	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	32
PID 2548 wrote to memory of 2660	2548	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	32

C:\Users\Admin\AppData\Local\Temp\a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe
"C:\Users\Admin\AppData\Local\Temp\a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\beegoserverhelper.exe
  C:\Windows\beegoserverhelper.exe install -
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3044
- C:\Windows\beegoserverhelper.exe
  C:\Windows\beegoserverhelper.exe version
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- C:\Windows\SysWOW64\sc.exe
  sc start beegoserverhelper
  2⤵
  - Launches sc.exe
  PID:2660

C:\Windows\beegoserverhelper.exe

Filesize
1.7MB

MD5
7e0ec191ef00069b0cde0ae26c1548ed

SHA1
e886e8afdc165bfd4761ab9330c256f0443bb38e

SHA256
9dfbcb49b005764e79b8e9a4187ccaab025a4eb110904616417771a5cda93b35

SHA512
89cef2e4adf7f802a40ae8dea064826352d44d7ffdb64d99c76ee68e6123b1e213faa30dd86f997750ce4d3949a4b2f6b8747e88473dd28e65f058c29cc19377

Download Submit
C:\Windows\beegoserverhelper.exe

Filesize
931KB

MD5
bf3dd31091d88a1bbdaf384868411e01

SHA1
97e6140176abeab44bdd6f2e4d9764097b0d603d

SHA256
ef9e983657ca0d01a56aadcfab362769614fbf6667e775fe5c35a1d6099f9bbf

SHA512
c902914873d8e323087875699bd5c43d38b422636ffe2a2002efe66551f0e4bb59bb61d79fa4f52455618edd10bd3b54f46e453e25869c9cef46291f1fdfb48f

Download Submit
C:\Windows\beegoserverhelper.exe

Filesize
784KB

MD5
f94ec4e2d151f0bce2b4e4c19f4d30d8

SHA1
301d5667cf14e8e767abf7913d3b31c6767180a5

SHA256
37f75ae7807ba276c391a7e63363c44721707a7d5136c08fa7c6ce3d0d602618

SHA512
51abd3a6bd14bc81ce17eacf47503a343ba7aae7b9700a2541e0340f3c417936bb4aa80802aa5899ac5161b683be67f95770e72a19544f87061ada25cba9cf5b

Download Submit
C:\Windows\beegoserverhelper.exe

Filesize
989KB

MD5
1bfebfef70102efbc4e5c7519e7aab57

SHA1
5c4eaf8349838759b4adbf452e3203b43f7a48ea

SHA256
7c95c2b7132858f5f7d9108be655780224e7f8d09b10df5788cb4518c9291433

SHA512
ee63ba1d36ab75ae355d8738ecd45c16561eac2ac98e8498380635b12181c9a317f217315a89db0f618171f4b198ee253fef3807d4f180fc8be65411d667e82f

Download Submit