39870ff96424728cc97ae2954c78c418f7e9abea8e75a7d428e2d5a633941128

Analysis

max time kernel
3s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Icarus v1.1.0-v2.0.0 Plus 27 Trainer.exe
Size

1.3MB
MD5

d8e8976bf706f06ec78ef9e3bdb9dc5f
SHA1

8d1bc18874c3f3b63f46e5428a108e4516e53570
SHA256

b5b337a4384ec214facccd824d364f3033fc6136a06a09ef52317c34635a49a1
SHA512

7bc1be997dfe0e56e6f7bafb4f0dc6225f2f518711c2bd232bb4968ea551829b24ecb77a38a70385da4146f7b81f665e6ca6a186770e86b8e93cc4e86da0e244
SSDEEP

24576:xxtfrQaMXAXb23vIDTfCh21DSVXT5XuM7Fp9Cya:lfrQaMXC28TK7XT5X3BvC1

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2044	Icarus v1.1.0-v2.0.0 Plus 27 Trainer.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2044	Icarus v1.1.0-v2.0.0 Plus 27 Trainer.exe
Token: SeDebugPrivilege	2044	Icarus v1.1.0-v2.0.0 Plus 27 Trainer.exe

C:\Users\Admin\AppData\Local\Temp\Icarus v1.1.0-v2.0.0 Plus 27 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Icarus v1.1.0-v2.0.0 Plus 27 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
293c67149985b72fe1325aecbf5b3166

SHA1
0882365f1791affecdc9004738522939afea43eb

SHA256
5a5cd815d231f2c7bcc2b607b95df16e26a7f500ad0516e264be9942d85ad4d6

SHA512
0e5ed91f4e2bec467fa8b8cd9c36867a50379dae5152996841b30bd268975c41f2285e24fb392fabef8ae9dd0027375c1910381d0a385da19ef374b030b3b456

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7725.tmp

Filesize
54KB

MD5
5760ae1f276439535c3f557ae809ba0b

SHA1
584f0dc5c74902253587aaa241319813d897a843

SHA256
10a14c10e9276704ba090277c8d08680b96d3bbd5f2c66820620f14cc1e82666

SHA512
e91f0d23879f885be9f4bf56957c41f8f26e5eaaf8d70f0788d848ef2e29fd4350289138daf47bca3aefac5971136bca94d4bcd5a61348ea6b28129ddbd143fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar77D4.tmp

Filesize
62KB

MD5
21a813090148d7f457b22863dd54f30e

SHA1
6c3c19b036016af35b0444f4c2f1bdbf11875139

SHA256
bc228ca1bf234262e589e66c94bc14da4ad51c1b0b34f233deace70d903ddaa2

SHA512
c5810f83126338751c6e27738a965fcb9f5f4593d34920c0c9839fbb6b1f6749671ac13a650060f0033abb90cc0da66c979e22456b4879f8c7808352b7d873b0

Download Submit
memory/2044-5-0x0000000001D20000-0x0000000001DA0000-memory.dmp

Filesize
512KB

Download
memory/2044-4-0x00000000003A0000-0x00000000003AA000-memory.dmp

Filesize
40KB

Download
memory/2044-3-0x00000000003A0000-0x00000000003AA000-memory.dmp

Filesize
40KB

Download
memory/2044-9-0x0000000001D20000-0x0000000001DA0000-memory.dmp

Filesize
512KB

Download
memory/2044-0-0x0000000000240000-0x0000000000274000-memory.dmp

Filesize
208KB

Download
memory/2044-2-0x0000000001D20000-0x0000000001DA0000-memory.dmp

Filesize
512KB

Download
memory/2044-1-0x000007FEF5350000-0x000007FEF5D3C000-memory.dmp

Filesize
9.9MB

Download
memory/2044-90-0x000007FEF5350000-0x000007FEF5D3C000-memory.dmp

Filesize
9.9MB

Download
memory/2044-91-0x0000000001D20000-0x0000000001DA0000-memory.dmp

Filesize
512KB

Download
memory/2044-92-0x0000000001D20000-0x0000000001DA0000-memory.dmp

Filesize
512KB

Download
memory/2044-94-0x00000000003A0000-0x00000000003AA000-memory.dmp

Filesize
40KB

Download
memory/2044-93-0x00000000003A0000-0x00000000003AA000-memory.dmp

Filesize
40KB

Download