popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

1IC.exe

PE64 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us June 11, 2023, 10:51 p.m. June 11, 2023, 11:25 p.m.
Size 103.0KB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 1747af9f1b9db5785c6913ac2ead8ef3
SHA256 5a268b88ea8b1cad2a07b43e855af3ad4f5e9fb0e1aef21ab4d2a66306c3dca4
CRC32 5E80C343
ssdeep 3072:utNFuBMb+6qKQrKtoNFdUlaPPOirDv23byVT:Mr+lKQrQC0GT
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
43.153.222.28 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49174 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 43.153.222.28:4646 -> 192.168.56.103:49162 2035442 ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1 A Network Trojan was detected
TCP 192.168.56.103:49172 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49185 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49177 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49196 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49180 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49201 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49182 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49204 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49187 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49217 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49191 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49229 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49192 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49235 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49195 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49237 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49197 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49244 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49199 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49246 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49200 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49248 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49212 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49249 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49173 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49216 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49253 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49203 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49221 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49208 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49222 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49215 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49232 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49223 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49238 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49166 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49225 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49239 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49163 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49168 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49227 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49241 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49165 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49169 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49231 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49245 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49175 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49167 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49233 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49256 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49181 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49171 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49258 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49240 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49183 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49176 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49242 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49188 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49178 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49243 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49190 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49184 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49254 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49198 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49186 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49265 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49202 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49210 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49268 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49209 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49219 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49271 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49224 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49228 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49226 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49234 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49247 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49236 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49250 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49252 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49260 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49255 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49262 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49259 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49263 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49264 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49267 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49266 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49170 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49179 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49189 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49193 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49194 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49205 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49206 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49207 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49211 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49213 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49214 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49218 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49220 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49230 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49251 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49257 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49261 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49269 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected
TCP 192.168.56.103:49270 -> 43.153.222.28:4646 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 872
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000003c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 872
region_size: 4194304
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000003590000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 872
region_size: 323584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002480000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0
host 43.153.222.28
process 1IC.exe useragent
process 1IC.exe useragent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ESES)
Lionic Trojan.Win32.Generic.4!c
Cynet Malicious (score: 100)
ALYac Trojan.GenericKDZ.95079
Malwarebytes Malware.AI.1789148421
VIPRE Trojan.GenericKDZ.95079
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKDZ.95079
K7GW Trojan ( 005811cf1 )
Cyren W64/Rozena.DW.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Rozena.LF
Kaspersky Backdoor.Win32.Cobalt.eax
Alibaba Backdoor:Win64/Cobalt.9dc9a9ec
ViRobot Trojan.Win.Z.Rozena.105472.S
MicroWorld-eScan Trojan.GenericKDZ.95079
Avast Win64:BackdoorX-gen [Trj]
Emsisoft Trojan.GenericKDZ.95079 (B)
F-Secure Trojan.TR/Rozena.pucbe
DrWeb BackDoor.CobaltStrike.182
TrendMicro Backdoor.Win64.COBEACON.YXDFJZ
McAfee-GW-Edition RDN/Generic BackDoor
FireEye Trojan.GenericKDZ.95079
Sophos Mal/Generic-S
Ikarus Trojan.Win64.Rozena
Avira TR/Rozena.pucbe
MAX malware (ai score=80)
Antiy-AVL Trojan/Win64.ShellcodeRunner
Microsoft Trojan:Win64/CobaltStrike.SPW!MTB
Gridinsoft Trojan.Win64.CobaltStrike.bot
Arcabit Trojan.Generic.D17367
ZoneAlarm Backdoor.Win32.Cobalt.eax
GData Trojan.GenericKDZ.95079
Google Detected
AhnLab-V3 Trojan/Win.Generic.R572731
McAfee Artemis!1747AF9F1B9D
Cylance unsafe
Panda Trj/CI.A
TrendMicro-HouseCall Backdoor.Win64.COBEACON.YXDFJZ
Tencent Malware.Win32.Gencirc.10be7bc0
Fortinet W64/Rozena.KP!tr
AVG Win64:BackdoorX-gen [Trj]
DeepInstinct MALICIOUS