Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    13/06/2024, 02:45

General

  • Target

    beehdhgehc.exe

  • Size

    563KB

  • MD5

    9d01412819ca4fb532c81a5335d76854

  • SHA1

    ff840af40527eb8a05927036af54140d07a1ba33

  • SHA256

    dc239681ea4e27fbe2a678f0182b8adf47a3d0b2687d1d8b7a9e3416324ca7c1

  • SHA512

    d25be4cadcfc67ec5c5454a488ce03e9cce45e5f02238baca129c363d370174818822f78230155949c577ff6d240ed12af32d94700d4fe91dd4b3121664ddaff

  • SSDEEP

    12288:NCsn5OejVsQwDgLMUB5vIXbyVxbHFoVlbOzKBztyAH40:NCyPB+D8MUB5vIXbyVxbHFKl62Bz4AHh

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\beehdhgehc.exe
    "C:\Users\Admin\AppData\Local\Temp\beehdhgehc.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic /output:C:\Users\Admin\AppData\Local\Temp\81718246737.txt bios get serialnumber
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1928
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic /output:C:\Users\Admin\AppData\Local\Temp\81718246737.txt bios get version
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2392
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic /output:C:\Users\Admin\AppData\Local\Temp\81718246737.txt bios get version
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2748
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic /output:C:\Users\Admin\AppData\Local\Temp\81718246737.txt bios get version
      2⤵
        PID:2772
      • C:\Windows\SysWOW64\Wbem\wmic.exe
        wmic /output:C:\Users\Admin\AppData\Local\Temp\81718246737.txt bios get version
        2⤵
          PID:2800
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 372
          2⤵
          • Program crash
          PID:2700

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\81718246737.txt

        Filesize

        66B

        MD5

        9025468f85256136f923096b01375964

        SHA1

        7fcd174999661594fa5f88890ffb195e9858cc52

        SHA256

        d5418014fa8e6e17d8992fd12c0dfecac8a34855603ea58133e87ea09c2130df

        SHA512

        92cac37c332e6e276a963d659986a79a79867df44682bfc2d77ed7784ffa5e2c149e5960a83d03ef4cf171be40a73e93a110aaa53b95152fa9a9da6b41d31e51