4bbbd985c466704a96ff939f0b3f42efd162adaefa1ae9025e43fbc2ce254101 | Triage

Analysis

max time kernel
141s
max time network
133s
platform
windows10_x64
resource
win10
submitted
19-07-2020 19:32

Sharing

Report Analysis Logs

General

Target

iceix_1.1.0.0.vir.exe
Size

204KB
MD5

c0ead8298af19f5c2fc1508ba0172395
SHA1

ffe1920e7ab7d3e0ceb229a660b234d8e4eaea35
SHA256

4bbbd985c466704a96ff939f0b3f42efd162adaefa1ae9025e43fbc2ce254101
SHA512

5e279ad1df6b7fd8c9fa9c464583e28198f3ad8e34ece48d78f6d6589944e44563ba5ebda9b92eab4052cca63d47ca750e045106dff9d5864051d0ae73f1d2ab

Score

5^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

iceix_1.1.0.0.vir.exe

description	pid	process	target process
PID 2920 wrote to memory of 3112	2920	iceix_1.1.0.0.vir.exe	iceix_1.1.0.0.vir.exe
PID 2920 wrote to memory of 3112	2920	iceix_1.1.0.0.vir.exe	iceix_1.1.0.0.vir.exe
PID 2920 wrote to memory of 3112	2920	iceix_1.1.0.0.vir.exe	iceix_1.1.0.0.vir.exe
PID 2920 wrote to memory of 3112	2920	iceix_1.1.0.0.vir.exe	iceix_1.1.0.0.vir.exe
PID 2920 wrote to memory of 3112	2920	iceix_1.1.0.0.vir.exe	iceix_1.1.0.0.vir.exe
PID 2920 wrote to memory of 3112	2920	iceix_1.1.0.0.vir.exe	iceix_1.1.0.0.vir.exe
PID 2920 wrote to memory of 3112	2920	iceix_1.1.0.0.vir.exe	iceix_1.1.0.0.vir.exe
PID 2920 wrote to memory of 3112	2920	iceix_1.1.0.0.vir.exe	iceix_1.1.0.0.vir.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

iceix_1.1.0.0.vir.exe

description pid process target process

PID 2920 set thread context of 3112 2920 iceix_1.1.0.0.vir.exe iceix_1.1.0.0.vir.exe

C:\Users\Admin\AppData\Local\Temp\iceix_1.1.0.0.vir.exe
"C:\Users\Admin\AppData\Local\Temp\iceix_1.1.0.0.vir.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
PID:2920

C:\Users\Admin\AppData\Local\Temp\iceix_1.1.0.0.vir.exe
"C:\Users\Admin\AppData\Local\Temp\iceix_1.1.0.0.vir.exe"
2⤵
PID:3112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3112-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3112-1-0x000000000040FD1F-mapping.dmp

Download
memory/3112-2-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download