3f99cf97af6d570c69dba70bf25c30ebb5888d457a9244df408152d4b89109da

General

Target

2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe
Size

245KB
MD5

bf5e625eaa2e5796896d4b1988c6d3f6
SHA1

a6bb4336940efabb1363b8f69286fbb0176a30c5
SHA256

3f99cf97af6d570c69dba70bf25c30ebb5888d457a9244df408152d4b89109da
SHA512

5e68846421dd24b728c6d17bf3dc76bb1de606625a67f71f8bdc8f1da0627e0cf64eff3e8ebc18e922483f79dbd75b726e5ff6bfad91d42abbfa250050260af8
SSDEEP

3072:kxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:oU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

install.exe

pid process

976 install.exe
Loads dropped DLL 4 IoCs

Processes:

2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exeinstall.exe

pid process

1212 2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe
976 install.exe
976 install.exe
976 install.exe

pid	process
976	install.exe

Drops file in Program Files directory 2 IoCs

Processes:

2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe

description	ioc	process
File created	C:\Program Files\privileges\install.exe	2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe
File opened for modification	C:\Program Files\privileges\install.exe	2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exeinstall.exe

pid	process
1212	2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe
1212	2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe
1212	2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe
1212	2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe
976	install.exe
976	install.exe
976	install.exe
976	install.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe

description	pid	process	target process
PID 1212 wrote to memory of 976	1212	2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe	install.exe
PID 1212 wrote to memory of 976	1212	2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe	install.exe
PID 1212 wrote to memory of 976	1212	2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe	install.exe
PID 1212 wrote to memory of 976	1212	2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe	install.exe
PID 1212 wrote to memory of 976	1212	2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe	install.exe
PID 1212 wrote to memory of 976	1212	2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe	install.exe
PID 1212 wrote to memory of 976	1212	2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe	install.exe

C:\Users\Admin\AppData\Local\Temp\2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1212

C:\Program Files\privileges\install.exe
"C:\Program Files\privileges\install.exe" "33201"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:976

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\privileges\install.exe
Filesize
245KB

MD5
49474716bf3dd880daffb143c0673bc2

SHA1
885cfbb19140711593917c410afba013669ce2a0

SHA256
cab433612539f0ad3da7b61303c8510e3d540d155bc6d101781d8e8965241bd8

SHA512
8fb232c03e096667f6bbfbdd371992650f29058493c969589d0eaf45e6aa496b0ca79934140dd6eb179fa2642ff016d9e5a6f3e1424ebd6823c6c80b2f2a9965

Download Submit
C:\Program Files\privileges\install.exe
Filesize
245KB

MD5
49474716bf3dd880daffb143c0673bc2

SHA1
885cfbb19140711593917c410afba013669ce2a0

SHA256
cab433612539f0ad3da7b61303c8510e3d540d155bc6d101781d8e8965241bd8

SHA512
8fb232c03e096667f6bbfbdd371992650f29058493c969589d0eaf45e6aa496b0ca79934140dd6eb179fa2642ff016d9e5a6f3e1424ebd6823c6c80b2f2a9965

Download Submit
\Program Files\privileges\install.exe
Filesize
245KB

MD5
49474716bf3dd880daffb143c0673bc2

SHA1
885cfbb19140711593917c410afba013669ce2a0

SHA256
cab433612539f0ad3da7b61303c8510e3d540d155bc6d101781d8e8965241bd8

SHA512
8fb232c03e096667f6bbfbdd371992650f29058493c969589d0eaf45e6aa496b0ca79934140dd6eb179fa2642ff016d9e5a6f3e1424ebd6823c6c80b2f2a9965

Download Submit
\Program Files\privileges\install.exe
Filesize
245KB

MD5
49474716bf3dd880daffb143c0673bc2

SHA1
885cfbb19140711593917c410afba013669ce2a0

SHA256
cab433612539f0ad3da7b61303c8510e3d540d155bc6d101781d8e8965241bd8

SHA512
8fb232c03e096667f6bbfbdd371992650f29058493c969589d0eaf45e6aa496b0ca79934140dd6eb179fa2642ff016d9e5a6f3e1424ebd6823c6c80b2f2a9965

Download Submit
\Program Files\privileges\install.exe
Filesize
245KB

MD5
49474716bf3dd880daffb143c0673bc2

SHA1
885cfbb19140711593917c410afba013669ce2a0

SHA256
cab433612539f0ad3da7b61303c8510e3d540d155bc6d101781d8e8965241bd8

SHA512
8fb232c03e096667f6bbfbdd371992650f29058493c969589d0eaf45e6aa496b0ca79934140dd6eb179fa2642ff016d9e5a6f3e1424ebd6823c6c80b2f2a9965

Download Submit
\Program Files\privileges\install.exe
Filesize
245KB

MD5
49474716bf3dd880daffb143c0673bc2

SHA1
885cfbb19140711593917c410afba013669ce2a0

SHA256
cab433612539f0ad3da7b61303c8510e3d540d155bc6d101781d8e8965241bd8

SHA512
8fb232c03e096667f6bbfbdd371992650f29058493c969589d0eaf45e6aa496b0ca79934140dd6eb179fa2642ff016d9e5a6f3e1424ebd6823c6c80b2f2a9965

Download Submit
memory/976-56-0x0000000000000000-mapping.dmp

Download
memory/1212-54-0x0000000075E61000-0x0000000075E63000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads