28b9f5ab1343a27bae716f16c19cae56c9ffdb05192c8d32e7ff4e3e74af14d6

General

Target

beejgggbdj.exe
Size

631KB
MD5

d2a1a1694d83c0de4546154a6822b353
SHA1

b51d347a08f4e92c4c757dea1b818ae9b88ede6d
SHA256

506f8a65a5d0fe6f225535304756b21b01783e6ef92688f1fd31a64cd11685c6
SHA512

ea2b5fd1bdb36f7a67b8ab6f54d58181b20b77ac376d88974e4f0a7dca40afcbaf85b3df24dea27ec3227dcfee789861d6a7c430c6f966b81a5e89d40fb1cb80
SSDEEP

12288:YZXMuieDmqHfMuDEJ15rwpARwgy/PS9KP8VmYn9XOs3Iy71W9D/xUlE+p56+7IR4:YN2SO3xwpARwn/qoP8VmYn9XOs3Iy71v

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2588 1968 WerFault.exe beejgggbdj.exe

pid	pid_target	process	target process
2588	1968	WerFault.exe	beejgggbdj.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

wmic.exewmic.exewmic.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	2188	wmic.exe
Token: SeSecurityPrivilege	2188	wmic.exe
Token: SeTakeOwnershipPrivilege	2188	wmic.exe
Token: SeLoadDriverPrivilege	2188	wmic.exe
Token: SeSystemProfilePrivilege	2188	wmic.exe
Token: SeSystemtimePrivilege	2188	wmic.exe
Token: SeProfSingleProcessPrivilege	2188	wmic.exe
Token: SeIncBasePriorityPrivilege	2188	wmic.exe
Token: SeCreatePagefilePrivilege	2188	wmic.exe
Token: SeBackupPrivilege	2188	wmic.exe
Token: SeRestorePrivilege	2188	wmic.exe
Token: SeShutdownPrivilege	2188	wmic.exe
Token: SeDebugPrivilege	2188	wmic.exe
Token: SeSystemEnvironmentPrivilege	2188	wmic.exe
Token: SeRemoteShutdownPrivilege	2188	wmic.exe
Token: SeUndockPrivilege	2188	wmic.exe
Token: SeManageVolumePrivilege	2188	wmic.exe
Token: 33	2188	wmic.exe
Token: 34	2188	wmic.exe
Token: 35	2188	wmic.exe
Token: SeIncreaseQuotaPrivilege	2188	wmic.exe
Token: SeSecurityPrivilege	2188	wmic.exe
Token: SeTakeOwnershipPrivilege	2188	wmic.exe
Token: SeLoadDriverPrivilege	2188	wmic.exe
Token: SeSystemProfilePrivilege	2188	wmic.exe
Token: SeSystemtimePrivilege	2188	wmic.exe
Token: SeProfSingleProcessPrivilege	2188	wmic.exe
Token: SeIncBasePriorityPrivilege	2188	wmic.exe
Token: SeCreatePagefilePrivilege	2188	wmic.exe
Token: SeBackupPrivilege	2188	wmic.exe
Token: SeRestorePrivilege	2188	wmic.exe
Token: SeShutdownPrivilege	2188	wmic.exe
Token: SeDebugPrivilege	2188	wmic.exe
Token: SeSystemEnvironmentPrivilege	2188	wmic.exe
Token: SeRemoteShutdownPrivilege	2188	wmic.exe
Token: SeUndockPrivilege	2188	wmic.exe
Token: SeManageVolumePrivilege	2188	wmic.exe
Token: 33	2188	wmic.exe
Token: 34	2188	wmic.exe
Token: 35	2188	wmic.exe
Token: SeIncreaseQuotaPrivilege	2880	wmic.exe
Token: SeSecurityPrivilege	2880	wmic.exe
Token: SeTakeOwnershipPrivilege	2880	wmic.exe
Token: SeLoadDriverPrivilege	2880	wmic.exe
Token: SeSystemProfilePrivilege	2880	wmic.exe
Token: SeSystemtimePrivilege	2880	wmic.exe
Token: SeProfSingleProcessPrivilege	2880	wmic.exe
Token: SeIncBasePriorityPrivilege	2880	wmic.exe
Token: SeCreatePagefilePrivilege	2880	wmic.exe
Token: SeBackupPrivilege	2880	wmic.exe
Token: SeRestorePrivilege	2880	wmic.exe
Token: SeShutdownPrivilege	2880	wmic.exe
Token: SeDebugPrivilege	2880	wmic.exe
Token: SeSystemEnvironmentPrivilege	2880	wmic.exe
Token: SeRemoteShutdownPrivilege	2880	wmic.exe
Token: SeUndockPrivilege	2880	wmic.exe
Token: SeManageVolumePrivilege	2880	wmic.exe
Token: 33	2880	wmic.exe
Token: 34	2880	wmic.exe
Token: 35	2880	wmic.exe
Token: SeIncreaseQuotaPrivilege	832	wmic.exe
Token: SeSecurityPrivilege	832	wmic.exe
Token: SeTakeOwnershipPrivilege	832	wmic.exe
Token: SeLoadDriverPrivilege	832	wmic.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

beejgggbdj.exe

description	pid	process	target process
PID 1968 wrote to memory of 2188	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2188	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2188	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2188	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2880	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2880	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2880	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2880	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 832	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 832	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 832	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 832	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2656	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2656	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2656	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2656	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2948	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2948	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2948	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2948	1968	beejgggbdj.exe	wmic.exe
PID 1968 wrote to memory of 2588	1968	beejgggbdj.exe	WerFault.exe
PID 1968 wrote to memory of 2588	1968	beejgggbdj.exe	WerFault.exe
PID 1968 wrote to memory of 2588	1968	beejgggbdj.exe	WerFault.exe
PID 1968 wrote to memory of 2588	1968	beejgggbdj.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\beejgggbdj.exe
"C:\Users\Admin\AppData\Local\Temp\beejgggbdj.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1968

C:\Windows\SysWOW64\Wbem\wmic.exe
wmic /output:C:\Users\Admin\AppData\Local\Temp\81716431189.txt bios get serialnumber
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2188

C:\Windows\SysWOW64\Wbem\wmic.exe
wmic /output:C:\Users\Admin\AppData\Local\Temp\81716431189.txt bios get version
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2880

C:\Windows\SysWOW64\Wbem\wmic.exe
wmic /output:C:\Users\Admin\AppData\Local\Temp\81716431189.txt bios get version
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:832

C:\Windows\SysWOW64\Wbem\wmic.exe
wmic /output:C:\Users\Admin\AppData\Local\Temp\81716431189.txt bios get version
2⤵
PID:2656

C:\Windows\SysWOW64\Wbem\wmic.exe
wmic /output:C:\Users\Admin\AppData\Local\Temp\81716431189.txt bios get version
2⤵
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 376
2⤵
- Program crash
PID:2588

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\81716431189.txt
Filesize
66B

MD5
9025468f85256136f923096b01375964

SHA1
7fcd174999661594fa5f88890ffb195e9858cc52

SHA256
d5418014fa8e6e17d8992fd12c0dfecac8a34855603ea58133e87ea09c2130df

SHA512
92cac37c332e6e276a963d659986a79a79867df44682bfc2d77ed7784ffa5e2c149e5960a83d03ef4cf171be40a73e93a110aaa53b95152fa9a9da6b41d31e51

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads