Overview

overview

3

Static

static

3

IceRiver_M...ol.exe

windows7-x64

1

IceRiver_M...ol.exe

windows10-2004-x64

1

Newtonsoft.Json.dll

windows7-x64

1

Newtonsoft.Json.dll

windows10-2004-x64

1

en/ICMiner...es.dll

windows7-x64

1

en/ICMiner...es.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    31-07-2023 23:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IceRiver_MinerTool.exe

  • Size

    523KB

  • MD5

    254e1d913d8fc7cc30d343eed07e6959

  • SHA1

    5f944a9f78997a35304bea51cb031d28f90607e6

  • SHA256

    16c90e82014e50aebb492a0389fa2a2b21839d7b63489a1a4a055141bb2df13e

  • SHA512

    7c85c959b8931010620193c27e0f1b716c50fcf46f9c2c0766494e3df8142585480b3550e7687efae01d070afcddcbc3c4e3ac3bfce7400209d711f94acf0b4e

  • SSDEEP

    12288:I3UkF30hqJ1e4LNq19JmPyHEgM2B3Po5Xo9sP:D3Po5l

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IceRiver_MinerTool.exe
    "C:\Users\Admin\AppData\Local\Temp\IceRiver_MinerTool.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Config.xml
    Filesize

    2KB

    MD5

    62d53d6495c645b1d89e1dbd6576bd03

    SHA1

    51e45361676412c0d6c0f1f15ea56b42d3e11bdf

    SHA256

    81764301acd627bfbdc3b87ad10d464893ef17336b9334827f9e7d86e77b48da

    SHA512

    df76f7d085d6597b549611268ed98fdf496d302e215ddd55d58bd50ffc7d5d40a3cb24caf1372620bedbabe7f95cb9d98b42dc0824163ecf87af11d3504a1671

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Config.xml
    Filesize

    2KB

    MD5

    1b5320017397788361da6b5b996f8033

    SHA1

    277f01946137248e5568e767da59ca78f2bd9341

    SHA256

    3bb14dc1a0e1491cd5b197f3a15164508dccdc5c8db033f132c8cf2999a8bf78

    SHA512

    de061acfd0ff9e70909049befb60533725765eb8bd56bb8f766a4dcd45670cc85821811d5f8798df65ff2a0853524e7f43a7262904a306426f8d3b53921a317c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Config.xml
    Filesize

    1KB

    MD5

    d5a664b76ba051f138bc2b2c4f887145

    SHA1

    6a2544f9c2f80a31dcd7cc5ee3dbce0ac4e2448f

    SHA256

    7d096db0c92c30cc6388ae6a7e53aa02680ed3d0b038e2b7c7e1e657937eab33

    SHA512

    2b2ec071db008d91caee5911002af577a9d66e8fd0debc99f29c650f9b1b14a1bf41dbb229c6a0fbc2ec3d2bf0a61ec0ae31e952ccdb23cafd0ef6be0814bb3b

    Download Submit

  • memory/2652-56-0x00000000004A0000-0x00000000004D2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2652-57-0x0000000004890000-0x00000000048D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2652-58-0x0000000004890000-0x00000000048D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2652-53-0x00000000001B0000-0x0000000000238000-memory.dmp

    Filesize

    544KB

    Download

  • memory/2652-55-0x0000000004890000-0x00000000048D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2652-54-0x0000000073F40000-0x000000007462E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2652-133-0x0000000073F40000-0x000000007462E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2652-134-0x0000000004890000-0x00000000048D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2652-135-0x0000000004890000-0x00000000048D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2652-138-0x0000000004890000-0x00000000048D0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2652-140-0x0000000004890000-0x00000000048D0000-memory.dmp

    Filesize

    256KB

    Download