397ee6ba6f7b5141ce4417cfe6dacaf96c7258a40eae9eb64b167df200440e40

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

beeicaibdh.exe
Size

538KB
MD5

2724bdb8ee23347d8cb6010c4d4fa0f3
SHA1

ed53365ddd7d1111fa0874707f58ba7c49dc910b
SHA256

93ccf5baa7031d6676468fee2f2d241d318fee20df4fe3884ffbb47683580607
SHA512

a92b96036ec4efa863b5a6ae64546ccae8d338d6b50a32506e83532da8c2dd4081bc89be6687a22dfff25fc5a476a7a52ddc5b576788816cb266d16e5b9b8b5d
SSDEEP

12288:n7Lc3qvLzuUoeMLcbVK3yXLjqaxVVDjoyP42y:nfc3qvLIUVK2DxVSyP4n

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1716	4892	WerFault.exe	81

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2432	wmic.exe
Token: SeSecurityPrivilege	2432	wmic.exe
Token: SeTakeOwnershipPrivilege	2432	wmic.exe
Token: SeLoadDriverPrivilege	2432	wmic.exe
Token: SeSystemProfilePrivilege	2432	wmic.exe
Token: SeSystemtimePrivilege	2432	wmic.exe
Token: SeProfSingleProcessPrivilege	2432	wmic.exe
Token: SeIncBasePriorityPrivilege	2432	wmic.exe
Token: SeCreatePagefilePrivilege	2432	wmic.exe
Token: SeBackupPrivilege	2432	wmic.exe
Token: SeRestorePrivilege	2432	wmic.exe
Token: SeShutdownPrivilege	2432	wmic.exe
Token: SeDebugPrivilege	2432	wmic.exe
Token: SeSystemEnvironmentPrivilege	2432	wmic.exe
Token: SeRemoteShutdownPrivilege	2432	wmic.exe
Token: SeUndockPrivilege	2432	wmic.exe
Token: SeManageVolumePrivilege	2432	wmic.exe
Token: 33	2432	wmic.exe
Token: 34	2432	wmic.exe
Token: 35	2432	wmic.exe
Token: 36	2432	wmic.exe
Token: SeIncreaseQuotaPrivilege	2432	wmic.exe
Token: SeSecurityPrivilege	2432	wmic.exe
Token: SeTakeOwnershipPrivilege	2432	wmic.exe
Token: SeLoadDriverPrivilege	2432	wmic.exe
Token: SeSystemProfilePrivilege	2432	wmic.exe
Token: SeSystemtimePrivilege	2432	wmic.exe
Token: SeProfSingleProcessPrivilege	2432	wmic.exe
Token: SeIncBasePriorityPrivilege	2432	wmic.exe
Token: SeCreatePagefilePrivilege	2432	wmic.exe
Token: SeBackupPrivilege	2432	wmic.exe
Token: SeRestorePrivilege	2432	wmic.exe
Token: SeShutdownPrivilege	2432	wmic.exe
Token: SeDebugPrivilege	2432	wmic.exe
Token: SeSystemEnvironmentPrivilege	2432	wmic.exe
Token: SeRemoteShutdownPrivilege	2432	wmic.exe
Token: SeUndockPrivilege	2432	wmic.exe
Token: SeManageVolumePrivilege	2432	wmic.exe
Token: 33	2432	wmic.exe
Token: 34	2432	wmic.exe
Token: 35	2432	wmic.exe
Token: 36	2432	wmic.exe
Token: SeIncreaseQuotaPrivilege	704	wmic.exe
Token: SeSecurityPrivilege	704	wmic.exe
Token: SeTakeOwnershipPrivilege	704	wmic.exe
Token: SeLoadDriverPrivilege	704	wmic.exe
Token: SeSystemProfilePrivilege	704	wmic.exe
Token: SeSystemtimePrivilege	704	wmic.exe
Token: SeProfSingleProcessPrivilege	704	wmic.exe
Token: SeIncBasePriorityPrivilege	704	wmic.exe
Token: SeCreatePagefilePrivilege	704	wmic.exe
Token: SeBackupPrivilege	704	wmic.exe
Token: SeRestorePrivilege	704	wmic.exe
Token: SeShutdownPrivilege	704	wmic.exe
Token: SeDebugPrivilege	704	wmic.exe
Token: SeSystemEnvironmentPrivilege	704	wmic.exe
Token: SeRemoteShutdownPrivilege	704	wmic.exe
Token: SeUndockPrivilege	704	wmic.exe
Token: SeManageVolumePrivilege	704	wmic.exe
Token: 33	704	wmic.exe
Token: 34	704	wmic.exe
Token: 35	704	wmic.exe
Token: 36	704	wmic.exe
Token: SeIncreaseQuotaPrivilege	704	wmic.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 2432	4892	beeicaibdh.exe	82
PID 4892 wrote to memory of 2432	4892	beeicaibdh.exe	82
PID 4892 wrote to memory of 2432	4892	beeicaibdh.exe	82
PID 4892 wrote to memory of 704	4892	beeicaibdh.exe	85
PID 4892 wrote to memory of 704	4892	beeicaibdh.exe	85
PID 4892 wrote to memory of 704	4892	beeicaibdh.exe	85
PID 4892 wrote to memory of 1724	4892	beeicaibdh.exe	88
PID 4892 wrote to memory of 1724	4892	beeicaibdh.exe	88
PID 4892 wrote to memory of 1724	4892	beeicaibdh.exe	88
PID 4892 wrote to memory of 1972	4892	beeicaibdh.exe	90
PID 4892 wrote to memory of 1972	4892	beeicaibdh.exe	90
PID 4892 wrote to memory of 1972	4892	beeicaibdh.exe	90
PID 4892 wrote to memory of 4024	4892	beeicaibdh.exe	93
PID 4892 wrote to memory of 4024	4892	beeicaibdh.exe	93
PID 4892 wrote to memory of 4024	4892	beeicaibdh.exe	93

C:\Users\Admin\AppData\Local\Temp\beeicaibdh.exe
"C:\Users\Admin\AppData\Local\Temp\beeicaibdh.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic /output:C:\Users\Admin\AppData\Local\Temp\81718472518.txt bios get serialnumber
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2432
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic /output:C:\Users\Admin\AppData\Local\Temp\81718472518.txt bios get version
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:704
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic /output:C:\Users\Admin\AppData\Local\Temp\81718472518.txt bios get version
  2⤵
  PID:1724
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic /output:C:\Users\Admin\AppData\Local\Temp\81718472518.txt bios get version
  2⤵
  PID:1972
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic /output:C:\Users\Admin\AppData\Local\Temp\81718472518.txt bios get version
  2⤵
  PID:4024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 644
  2⤵
  - Program crash
  PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4892 -ip 4892
1⤵
PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\81718472518.txt

Filesize
66B

MD5
9025468f85256136f923096b01375964

SHA1
7fcd174999661594fa5f88890ffb195e9858cc52

SHA256
d5418014fa8e6e17d8992fd12c0dfecac8a34855603ea58133e87ea09c2130df

SHA512
92cac37c332e6e276a963d659986a79a79867df44682bfc2d77ed7784ffa5e2c149e5960a83d03ef4cf171be40a73e93a110aaa53b95152fa9a9da6b41d31e51

Download Submit
C:\Users\Admin\AppData\Local\Temp\81718472518.txt

Filesize
58B

MD5
f8e2f71e123c5a848f2a83d2a7aef11e

SHA1
5e7a9a2937fa4f06fdf3e33d7def7de431c159b4

SHA256
79dae8edfddb5a748fb1ed83c87081b245aeff9178c95dcf5fbaaed6baf82121

SHA512
8d34a80d335ee5be5d899b19b385aeaeb6bc5480fd72d3d9e96269da2f544ccc13b30fd23111980de736a612b8beb24ff062f6bed2eb2d252dbe07a2ffeb701e

Download Submit
C:\Users\Admin\AppData\Local\Temp\81718472518.txt

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads