f3aaaa9080a42f6932b9c5ff06854a2eaf623932547f86076a72465128cb0c17

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 15:39

Target

dc8eb526e678a59a5db7f8ae3a513a0c.exe
Size

2.0MB
MD5

dc8eb526e678a59a5db7f8ae3a513a0c
SHA1

756e5381dad32915f16ce0b6d6c3127bfac46c73
SHA256

f3aaaa9080a42f6932b9c5ff06854a2eaf623932547f86076a72465128cb0c17
SHA512

4f0984a26248690f85544a776d063170a567c9b8a598aec730095821b749b68e3692dd6238498d28ffc5ed3ce4f9010ba1b0bb76abce07029ef4cfef025dcd8a
SSDEEP

24576:dgdhhQGGnnazLpj4VHogiuGYNycAavew3mwmI1nk30sKbcGOyRWEMVM8w8sDDFUd:dqgazxcGYN139lnk30ray05O4

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2360	bzwct.exe

Loads dropped DLL 1 IoCs

pid	Process
1156	dc8eb526e678a59a5db7f8ae3a513a0c.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\zifzybsc\bzwct.exe	dc8eb526e678a59a5db7f8ae3a513a0c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 2360	1156	dc8eb526e678a59a5db7f8ae3a513a0c.exe	28
PID 1156 wrote to memory of 2360	1156	dc8eb526e678a59a5db7f8ae3a513a0c.exe	28
PID 1156 wrote to memory of 2360	1156	dc8eb526e678a59a5db7f8ae3a513a0c.exe	28
PID 1156 wrote to memory of 2360	1156	dc8eb526e678a59a5db7f8ae3a513a0c.exe	28

C:\Users\Admin\AppData\Local\Temp\dc8eb526e678a59a5db7f8ae3a513a0c.exe
"C:\Users\Admin\AppData\Local\Temp\dc8eb526e678a59a5db7f8ae3a513a0c.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Program Files (x86)\zifzybsc\bzwct.exe
  "C:\Program Files (x86)\zifzybsc\bzwct.exe"
  2⤵
  - Executes dropped EXE
  PID:2360

\Program Files (x86)\zifzybsc\bzwct.exe

Filesize
2.1MB

MD5
3b49f5427c9dbeda51a24d6055b31961

SHA1
fd198e31f33956c54e86b9aa2a83fc9cc7bbcf7b

SHA256
704a8c26b14fb1fa5e897c883db5f6b02d199b4dcbfaedb1377c3c5be77c488d

SHA512
a75fc7d97940486023c88a12c4fb3de922a6a60dcf97d45d6df94fa3042b0c60daee4d06cee202b5dae75097c2014698897652783269cdb60d5b229e7f847b6f

Download Submit
memory/1156-5-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2360-6-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download