f7272b24174bde821584be19bce6b4dad813b07bf0a7285f3412813cdd39c6c5

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 21:57

Target

KingsrowSetup64.1.19e.exe
Size

22.6MB
MD5

21f5a4f3c925adaa7f822b7dfbd782b3
SHA1

bdb32e7c114fd613bc44f9634c8979f2733f7192
SHA256

f7272b24174bde821584be19bce6b4dad813b07bf0a7285f3412813cdd39c6c5
SHA512

6d22aff89d00a7b24b9caa821c40425eb2a3a913e67269e284cbe6d82edaba0f0764667fa35543a6b8ed514bab32d88d2f28d221523eba16a4cef67fdd61ade1
SSDEEP

393216:3+xXqAfXqRwVM3yaONCGY2/+Q58Stehe8MsrShlng16NAj6NRVaBwx8YYd:4Xrqi3C5a8SmerCIa1z64BwBY

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1984	KingsrowSetup64.1.19e.tmp

Loads dropped DLL 1 IoCs

pid	Process
3024	KingsrowSetup64.1.19e.exe

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\CheckerBoard\egdb64.dll	KingsrowSetup64.1.19e.tmp
File created	C:\Program Files (x86)\CheckerBoard\is-43V30.tmp	KingsrowSetup64.1.19e.tmp
File created	C:\Program Files (x86)\CheckerBoard\engines\is-V3V1O.tmp	KingsrowSetup64.1.19e.tmp
File created	C:\Program Files (x86)\CheckerBoard\engines\is-S3RQO.tmp	KingsrowSetup64.1.19e.tmp
File opened for modification	C:\Program Files (x86)\CheckerBoard\engines\Kingsrow64.dll	KingsrowSetup64.1.19e.tmp
File created	C:\Program Files (x86)\CheckerBoard\engines\is-TD4KM.tmp	KingsrowSetup64.1.19e.tmp
File created	C:\Program Files (x86)\CheckerBoard\engines\is-AU1CA.tmp	KingsrowSetup64.1.19e.tmp
File created	C:\Program Files (x86)\CheckerBoard\engines\is-E8TUP.tmp	KingsrowSetup64.1.19e.tmp
File created	C:\Program Files (x86)\CheckerBoard\engines\is-AJL8D.tmp	KingsrowSetup64.1.19e.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1984	KingsrowSetup64.1.19e.tmp
1984	KingsrowSetup64.1.19e.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1984	KingsrowSetup64.1.19e.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 1984	3024	KingsrowSetup64.1.19e.exe	28
PID 3024 wrote to memory of 1984	3024	KingsrowSetup64.1.19e.exe	28
PID 3024 wrote to memory of 1984	3024	KingsrowSetup64.1.19e.exe	28
PID 3024 wrote to memory of 1984	3024	KingsrowSetup64.1.19e.exe	28
PID 3024 wrote to memory of 1984	3024	KingsrowSetup64.1.19e.exe	28
PID 3024 wrote to memory of 1984	3024	KingsrowSetup64.1.19e.exe	28
PID 3024 wrote to memory of 1984	3024	KingsrowSetup64.1.19e.exe	28

\Users\Admin\AppData\Local\Temp\is-N4SFG.tmp\KingsrowSetup64.1.19e.tmp

Filesize
2.9MB

MD5
6cc32a8824008f92be31188ac04c0e35

SHA1
d0d86b9f53eea42b18cccb68ccb68debd4f5cc9e

SHA256
ccaa77318a34e086969988d3b342613eeea1c6893a32b7a38be26e1a35badef8

SHA512
2e5e8aaebb78b3a1462b60732bff0b33e32de53cdc342a96b69a2aa02232a2cb6364c2ef7910e243ffce8b75400c1abbb09d4ad7518e07da71627565c6bff479

Download Submit
memory/1984-8-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1984-11-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1984-15-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1984-31-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1984-34-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/3024-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/3024-0-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3024-10-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3024-36-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download