Overview

overview

8

Static

static

2022-11-23...id.exe

windows7-x64

8

2022-11-23...id.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    92s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 18:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe

  • Size

    245KB

  • MD5

    bf5e625eaa2e5796896d4b1988c6d3f6

  • SHA1

    a6bb4336940efabb1363b8f69286fbb0176a30c5

  • SHA256

    3f99cf97af6d570c69dba70bf25c30ebb5888d457a9244df408152d4b89109da

  • SHA512

    5e68846421dd24b728c6d17bf3dc76bb1de606625a67f71f8bdc8f1da0627e0cf64eff3e8ebc18e922483f79dbd75b726e5ff6bfad91d42abbfa250050260af8

  • SSDEEP

    3072:kxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:oU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2022-11-23_bf5e625eaa2e5796896d4b1988c6d3f6_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3312
    • C:\Program Files\Performance\Schirmer.exe
      "C:\Program Files\Performance\Schirmer.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Performance\Schirmer.exe
    Filesize

    245KB

    MD5

    ed965f3d61770408afb621fa45dbe5a0

    SHA1

    112576336bc30bd1b846b15b5348a0ee2924f65b

    SHA256

    8e480c2a4955cb9e6a9dd9b72a6555236f1152a89cf2ac4061034ab456895139

    SHA512

    84b5443b418a2519027483480e0636c098fea007d0e9e3e1c1c89099530d8da6c2607f3821195452eed0b7a253807b3f3fbfafbb3f6ce86da420a96806083eb7

    Download Submit
  • C:\Program Files\Performance\Schirmer.exe
    Filesize

    245KB

    MD5

    ed965f3d61770408afb621fa45dbe5a0

    SHA1

    112576336bc30bd1b846b15b5348a0ee2924f65b

    SHA256

    8e480c2a4955cb9e6a9dd9b72a6555236f1152a89cf2ac4061034ab456895139

    SHA512

    84b5443b418a2519027483480e0636c098fea007d0e9e3e1c1c89099530d8da6c2607f3821195452eed0b7a253807b3f3fbfafbb3f6ce86da420a96806083eb7

    Download Submit
  • memory/1792-132-0x0000000000000000-mapping.dmp
    Download