e4f0a9d751979779844dbfa667cf901b1d297f986201870d365fadb3eea3d451 | Triage

Analysis

max time kernel
126s
max time network
127s
platform
windows10_x64
resource
win10
submitted
19-07-2020 19:41

Sharing

Report Analysis Logs

General

Target

iceix_1.1.6.0.vir.exe
Size

212KB
MD5

1b4a2c8c5fd4b3d3d5ac502efc6886ae
SHA1

dfcd9d67e66dc9cd0f59b37858caeb11e08f88aa
SHA256

e4f0a9d751979779844dbfa667cf901b1d297f986201870d365fadb3eea3d451
SHA512

2180e72c8823493a50daa50f34c342b83d3d79123bb97d46a6b62bf876a2a060d8ef49ef5e6e3c1b3b149b3a7ef06bd2d166d66fbbea14b94c75c9ff3cd1ee22

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

iceix_1.1.6.0.vir.exe

description pid process target process

PID 3820 set thread context of 3956 3820 iceix_1.1.6.0.vir.exe iceix_1.1.6.0.vir.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

iceix_1.1.6.0.vir.exe

description	pid	process	target process
PID 3820 wrote to memory of 3956	3820	iceix_1.1.6.0.vir.exe	iceix_1.1.6.0.vir.exe
PID 3820 wrote to memory of 3956	3820	iceix_1.1.6.0.vir.exe	iceix_1.1.6.0.vir.exe
PID 3820 wrote to memory of 3956	3820	iceix_1.1.6.0.vir.exe	iceix_1.1.6.0.vir.exe
PID 3820 wrote to memory of 3956	3820	iceix_1.1.6.0.vir.exe	iceix_1.1.6.0.vir.exe
PID 3820 wrote to memory of 3956	3820	iceix_1.1.6.0.vir.exe	iceix_1.1.6.0.vir.exe
PID 3820 wrote to memory of 3956	3820	iceix_1.1.6.0.vir.exe	iceix_1.1.6.0.vir.exe
PID 3820 wrote to memory of 3956	3820	iceix_1.1.6.0.vir.exe	iceix_1.1.6.0.vir.exe
PID 3820 wrote to memory of 3956	3820	iceix_1.1.6.0.vir.exe	iceix_1.1.6.0.vir.exe

C:\Users\Admin\AppData\Local\Temp\iceix_1.1.6.0.vir.exe
"C:\Users\Admin\AppData\Local\Temp\iceix_1.1.6.0.vir.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3820

C:\Users\Admin\AppData\Local\Temp\iceix_1.1.6.0.vir.exe
"C:\Users\Admin\AppData\Local\Temp\iceix_1.1.6.0.vir.exe"
2⤵
PID:3956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3956-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3956-1-0x0000000000417CDB-mapping.dmp

Download
memory/3956-2-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download