Analysis
-
max time kernel
30s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
12-12-2022 09:07
Static task
static1
Behavioral task
behavioral1
Sample
iced2/Irs.lnk
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
iced2/Irs.lnk
Resource
win10v2004-20220901-en
Behavioral task
behavioral3
Sample
iced2/secgymoddkid/electrofishing.dll
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
iced2/secgymoddkid/electrofishing.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
iced2/secgymoddkid/sewala.cmd
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
iced2/secgymoddkid/sewala.cmd
Resource
win10v2004-20221111-en
General
-
Target
iced2/secgymoddkid/sewala.cmd
-
Size
1KB
-
MD5
74fc76546fb2b58c5fe05b97c3354059
-
SHA1
805b4c605ff6f2cd9bc38ba502983b20fea4f297
-
SHA256
9311f2af0242350be45d18dcbf52e8477c052239ef9244fe08c43849c6cf76a0
-
SHA512
e1a9b419b0ae6df843829715c1d4b353f72097376e4d088d16c1a126a842b1b9cbafcd9a9609f79b999d41e036f4533c30db18e1354376a055f7cc1436338284
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes: cmd.exe
description | pid | process | target process
PID 1060 wrote to memory of 1996 | 1060 | cmd.exe | xcopy.exe
PID 1060 wrote to memory of 1996 | 1060 | cmd.exe | xcopy.exe
PID 1060 wrote to memory of 1996 | 1060 | cmd.exe | xcopy.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1996-54-0x0000000000000000-mapping.dmp