3db011d89be5a9fb6ba7c29ea39061c3ba9c20ce15d17a89b2ef4a3ab7b7f955

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 11:33

Target

b49a7d2c02715c7b0b311e5a23586d56.exe
Size

966KB
MD5

b49a7d2c02715c7b0b311e5a23586d56
SHA1

5ccea79aac5438fa0dec8f5b71cce95f21b4edd1
SHA256

3db011d89be5a9fb6ba7c29ea39061c3ba9c20ce15d17a89b2ef4a3ab7b7f955
SHA512

c224c4a945d598a20df3c5f64df7833f454ee7ae12894820125249386659a2a5be6452b47c89cf6793ddf599b51e432e496201e5ee5065b5be9817e657f671db
SSDEEP

24576:7zXKqa8SEijjC+37u9BEqxt5VUsftMQtadUj/DaHsNL:7z6qaakjC+3aNxJU2XtadsuGL

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1528	zicfgfljb.exe

Loads dropped DLL 1 IoCs

pid	Process
1704	b49a7d2c02715c7b0b311e5a23586d56.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\mcegosx\zicfgfljb.exe	b49a7d2c02715c7b0b311e5a23586d56.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1528	1704	b49a7d2c02715c7b0b311e5a23586d56.exe	28
PID 1704 wrote to memory of 1528	1704	b49a7d2c02715c7b0b311e5a23586d56.exe	28
PID 1704 wrote to memory of 1528	1704	b49a7d2c02715c7b0b311e5a23586d56.exe	28
PID 1704 wrote to memory of 1528	1704	b49a7d2c02715c7b0b311e5a23586d56.exe	28

C:\Users\Admin\AppData\Local\Temp\b49a7d2c02715c7b0b311e5a23586d56.exe
"C:\Users\Admin\AppData\Local\Temp\b49a7d2c02715c7b0b311e5a23586d56.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files (x86)\mcegosx\zicfgfljb.exe
  "C:\Program Files (x86)\mcegosx\zicfgfljb.exe"
  2⤵
  - Executes dropped EXE
  PID:1528

C:\Program Files (x86)\mcegosx\zicfgfljb.exe

Filesize
640KB

MD5
c708c98956cfbaf24a236f85bd956b99

SHA1
a2952e37f946004c4f99225d0ece007381ae6aa4

SHA256
f6b4d7f6817e18997796efe7f3186cc60809de9025af8e896bd76899bc2ecf9a

SHA512
8ff2e012d1e064f23cf8fc0fed5862b243bebdb862939c7885502cd2b3108ddcfa733d23dfaf7076a3afbcae7a9b885d69ed24203b4b196dce2906662814896b

Download Submit
\Program Files (x86)\mcegosx\zicfgfljb.exe

Filesize
976KB

MD5
63b7ac3eb2f44f033bf2f7a95f09b9a8

SHA1
28b04c79e88244857c60c1309fab4695f4992302

SHA256
788a0042d5aa9aafd0aea4cd03535158a5167fd7c6b6c57a3d5ab1f2a6d0624e

SHA512
54465d8a29f5016fdf7fd6dbcbc1b344a98053c5427e9231c020ae63e7d0d006372e3dc52adaaaa595f041a7cc21bd300553c82b76cd383a38d7131f60f68256

Download Submit
memory/1528-10-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1528-11-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1704-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1704-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/1704-7-0x0000000000610000-0x00000000006A4000-memory.dmp

Filesize
592KB

Download
memory/1704-6-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download