Analysis

Max time kernel: 124s
Max time network: 122s
Platform: windows10_x64
Resource: win10
Submitted: 19-07-2020 19:41
Static task: static1

Behavioral task: behavioral1
  Sample: iceix_1.2.7.0.vir.exe
  Resource: win7v200430 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: iceix_1.2.7.0.vir.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General

Target: iceix_1.2.7.0.vir.exe
Size: 204KB
MD5: b92b8f41fdbf4ab686b0d596b102f67c
SHA1: ecdfcdd954d17b4033ad01510e1206d021db9df3
SHA256: 9dfd9793dd172c0c6c730d2e2b3c9b5c9daa0c7e317ff4148b19c3aa95558471
SHA512: dc02c9c9e4e505af9920f268f9d3d95164b0e5dd6e1e957859cef745138afc561b540921c5e1034547a7ac048d1e4b4ae9b033e6bae25a4395c52e97fbdb1153
Score: 5/10
Malware Config

Signatures

Suspicious use of SetWindowsHookEx (1 IoC)
  Processes:
    pid   process
    3828  iceix_1.2.7.0.vir.exe

Suspicious use of WriteProcessMemory (8 IoCs)
  Processes:
    description                        pid   process                 target process
    PID 3828 wrote to memory of 3896   3828  iceix_1.2.7.0.vir.exe   iceix_1.2.7.0.vir.exe
    PID 3828 wrote to memory of 3896   3828  iceix_1.2.7.0.vir.exe   iceix_1.2.7.0.vir.exe
    PID 3828 wrote to memory of 3896   3828  iceix_1.2.7.0.vir.exe   iceix_1.2.7.0.vir.exe
    PID 3828 wrote to memory of 3896   3828  iceix_1.2.7.0.vir.exe   iceix_1.2.7.0.vir.exe
    PID 3828 wrote to memory of 3896   3828  iceix_1.2.7.0.vir.exe   iceix_1.2.7.0.vir.exe
    PID 3828 wrote to memory of 3896   3828  iceix_1.2.7.0.vir.exe   iceix_1.2.7.0.vir.exe
    PID 3828 wrote to memory of 3896   3828  iceix_1.2.7.0.vir.exe   iceix_1.2.7.0.vir.exe
    PID 3828 wrote to memory of 3896   3828  iceix_1.2.7.0.vir.exe   iceix_1.2.7.0.vir.exe

Suspicious use of SetThreadContext (1 IoC)
  Processes:
    description                            pid   process                 target process
    PID 3828 set thread context of 3896    3828  iceix_1.2.7.0.vir.exe   iceix_1.2.7.0.vir.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\iceix_1.2.7.0.vir.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\iceix_1.2.7.0.vir.exe"
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   - Suspicious use of SetThreadContext

   2. C:\Users\Admin\AppData\Local\Temp\iceix_1.2.7.0.vir.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\iceix_1.2.7.0.vir.exe"