Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/06/2024, 18:50

General

  • Target

    beeifecjdh.exe

  • Size

    538KB

  • MD5

    414ca68096786397f155d633555090ff

  • SHA1

    a606ee5818f05a0aafa29dba839ce33184d381fc

  • SHA256

    ecca7e207947afd7cd3e30b130707047576bbd0980cfe4be58d9e7c91a661297

  • SHA512

    7b499850d173bf740a9fc9f69c87139ec24c7cdded79bbe2fbc6bff44005e5f26cfccb6db436929cbaa396676b040f8d31fde4ae662dc00a3f20455f5d3ac898

  • SSDEEP

    12288:i8KFgRZGE6jN0rlIAFczYzV5GHCQIjptYKTYIPK6yVF/:ifFgRZGEI+czYzVKgDYuvPZ2V

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\beeifecjdh.exe
    "C:\Users\Admin\AppData\Local\Temp\beeifecjdh.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic /output:C:\Users\Admin\AppData\Local\Temp\81718218224.txt bios get serialnumber
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2188
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic /output:C:\Users\Admin\AppData\Local\Temp\81718218224.txt bios get version
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2716
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic /output:C:\Users\Admin\AppData\Local\Temp\81718218224.txt bios get version
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2640
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic /output:C:\Users\Admin\AppData\Local\Temp\81718218224.txt bios get version
      2⤵
        PID:2420
      • C:\Windows\SysWOW64\Wbem\wmic.exe
        wmic /output:C:\Users\Admin\AppData\Local\Temp\81718218224.txt bios get version
        2⤵
          PID:2560
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 372
          2⤵
          • Program crash
          PID:2404

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\81718218224.txt

        Filesize

        66B

        MD5

        9025468f85256136f923096b01375964

        SHA1

        7fcd174999661594fa5f88890ffb195e9858cc52

        SHA256

        d5418014fa8e6e17d8992fd12c0dfecac8a34855603ea58133e87ea09c2130df

        SHA512

        92cac37c332e6e276a963d659986a79a79867df44682bfc2d77ed7784ffa5e2c149e5960a83d03ef4cf171be40a73e93a110aaa53b95152fa9a9da6b41d31e51