a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155

Analysis

max time kernel
95s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 13:33

Target

a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe
Size

4.2MB
MD5

8eb97cb828d889d343b95bff255ed53a
SHA1

26956555d5dfc790f87ec7c357b651110e8479bc
SHA256

a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155
SHA512

e7b9c35f443009f414705123eeff795b2e02562789bf0159e68988f8ab20dba9f2e7dadd4566412fab8dc8c7d05e7458f90ea84d043e0ed5d3877714ab6aaf1a
SSDEEP

49152:SWbawF7Ou70iuPgK+zukgeC2kYfnHk2hZlBig5/DHWsBa0LI4TUpHRIDbSi6oUlB:p7OuCPiukgOfH1LI4TOmXC

Score

7^/10

Executes dropped EXE 3 IoCs

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\beegoserverhelper.exe	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
4456	sc.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 3700	3024	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	85
PID 3024 wrote to memory of 3700	3024	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	85
PID 3024 wrote to memory of 3700	3024	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	85
PID 3024 wrote to memory of 5000	3024	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	86
PID 3024 wrote to memory of 5000	3024	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	86
PID 3024 wrote to memory of 5000	3024	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	86
PID 3024 wrote to memory of 4456	3024	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	88
PID 3024 wrote to memory of 4456	3024	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	88
PID 3024 wrote to memory of 4456	3024	a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe	88

C:\Users\Admin\AppData\Local\Temp\a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe
"C:\Users\Admin\AppData\Local\Temp\a9387d81ca8fe989354211efb3ba772d75b9a826dd0f19520068340b7cf79155.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\beegoserverhelper.exe
  C:\Windows\beegoserverhelper.exe install -
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3700
- C:\Windows\beegoserverhelper.exe
  C:\Windows\beegoserverhelper.exe version
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Windows\SysWOW64\sc.exe
  sc start beegoserverhelper
  2⤵
  - Launches sc.exe
  PID:4456

C:\Windows\beegoserverhelper.exe

Filesize
999KB

MD5
25fe717ec964a3d2d7e64134f322c327

SHA1
23b5e1ae537b573cfaa99032a310c85b52b29151

SHA256
8e88db2a1c262d3ca3e4749a4965db782e786491a3c38fed069b366beca2e178

SHA512
a2604ec6664e611f345187ddf115d7fb74646a74070721f14b19b313aad3009feaf9f922d944aacea7bcc78f6eea4043ee4b824794c8f08b3d6357ef7942f17b

Download Submit
C:\Windows\beegoserverhelper.exe

Filesize
626KB

MD5
6035ce0cb07cf550f7ed4ccf597f30e1

SHA1
2fa61e395464d476152bd1ccc97a804e5bc19998

SHA256
eef52b5482ab4a9dc053f138a805a16f2d52c428dfe04787f6f49896a01f1fe8

SHA512
b278aa2cb6a44267af55dee6c8a638d2f057dc5998e8f05b1de80f8c034cb5c072d78d8035aecb5410881b2ee67a75930b7776d1bafe98fe233e793c05e17582

Download Submit
C:\Windows\beegoserverhelper.exe

Filesize
411KB

MD5
eb1b2059ca55aa153a7c1c4956b29117

SHA1
6a787bad9db1b1a61c7a75bf1cee77f72208fb26

SHA256
17fe597b4064fd9b7608c7df9a91cada47142735275fc80ff982d53e056d7831

SHA512
ea2f6698193e44e07ba11536a140c8a118e6bb3e0d34d6a6dc6dd1f031deb0cf6ccfb6810d89c1bb56fae1409d22e3105e7e913961f3a8081cfa23bd8554cb9e

Download Submit
C:\Windows\beegoserverhelper.exe

Filesize
334KB

MD5
cfb634f4dc91c1a34f9bb7a5f52be258

SHA1
9903797b51fa65eb715cb884f9b4a79366a1d717

SHA256
ef112a7e145a8175ff51764238ba919f31bcd07360c6b5488ec0f786044b144e

SHA512
fc4cede3de4aaa29312f48b287f9462f254a5283a886efe4eaa4c0703e354c53ed317cfd0d539a59294c473f00298441575de0c4ba901f2803fe21020c171914

Download Submit