88418205ad303c208f27e1efeef81032ce7373d0d005cdbe4d890d7351b5674c | Triage

Analysis

max time kernel
30s
max time network
20s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01-05-2024 00:51

Sharing

Report Analysis Logs

General

Target

hacked client (rats) LMAO/icetea.exe
Size

629KB
MD5

ec75749551b255093e77a5d6c1d72e1b
SHA1

fac81f6c1f1bd668b66f2d1d84c6fe2a4e6b0c98
SHA256

1a9f99be6ea38d09047da97d68350d5c04f59cd40269569271ff3231fbabb32d
SHA512

2db7db3fe569d70e476d05f8b4e88e2f5d22ecccce12dca745208001078d0cd9c7f00711b32c2599d2b594f98a6a6ff20ef9c133d3c133654782788f8e5198e8
SSDEEP

12288:sLzn/Pp+rhlRXD4OAo+e9ipG+60o18wnqQ:sHn/PpwhLT4OAFyiEd18wnq

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

icetea.exe

pid process

5000 icetea.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

icetea.exe

description	pid	process
Token: SeDebugPrivilege	5000	icetea.exe
Token: SeSecurityPrivilege	5000	icetea.exe
Token: SeDebugPrivilege	5000	icetea.exe
Token: SeSecurityPrivilege	5000	icetea.exe

C:\Users\Admin\AppData\Local\Temp\hacked client (rats) LMAO\icetea.exe
"C:\Users\Admin\AppData\Local\Temp\hacked client (rats) LMAO\icetea.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:5000

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...