Analysis
max time kernel: 27s
max time network: 30s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 12-12-2022 09:07
Static task: static1

Behavioral task   Sample                                   Resource
behavioral1       iced2/Irs.lnk                            win7-20220812-en
behavioral2       iced2/Irs.lnk                            win10v2004-20220901-en
behavioral3       iced2/secgymoddkid/electrofishing.dll    win7-20221111-en
behavioral4       iced2/secgymoddkid/electrofishing.dll    win10v2004-20220812-en
behavioral5       iced2/secgymoddkid/sewala.cmd            win7-20221111-en
behavioral6       iced2/secgymoddkid/sewala.cmd            win10v2004-20221111-en
General
Target: iced2/secgymoddkid/electrofishing.dll
Size: 374KB
MD5: 84e6e93a8f4b9fd5810052d501cde0ef
SHA1: 1be390eeb1fc440f0ac7aae3f3a30406b735e8ae
SHA256: 9141d339ec21a8b8c71df0ffa8a205c9d8af4441e74f7548e6847c106c663b23
SHA512: 4925461622045335635972396aed2d5a84e47eef590c17521eca6db1f8507698fe880280f2e652bbcd6994ae3bd66e486fc6271e841e01075a4fb07aa6b6989e
SSDEEP: 6144:g0FOhm3Y1LfpDqnkIBwcu/oDdzr88vAHL/P27ysDPXoPcTPinEgrTytlRNKIg8g4:g0km3YYY/ohhvAHLnFWPXoPcTPbgrmtn
Malware Config
Signatures

Program crash (1 IoCs)
Processes: WerFault.exe
pid    pid_target    process         target process
832    1260          WerFault.exe    rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                         pid     process         target process
PID 1260 wrote to memory of 832     1260    rundll32.exe    WerFault.exe
PID 1260 wrote to memory of 832     1260    rundll32.exe    WerFault.exe
PID 1260 wrote to memory of 832     1260    rundll32.exe    WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/832-54-0x0000000000000000-mapping.dmp