Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/08/2023, 16:19 UTC

General

  • Target

    4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe

  • Size

    262KB

  • MD5

    4bfe678ed45802d9b87dc34c6c7c5b53

  • SHA1

    965413baa1da287e2e9ec548588dd0f4b9e44300

  • SHA256

    72fe90a1b651522b77171696e9c8a43701f55247d3defe01ddef7a828ff64f00

  • SHA512

    9c8a141d1eb80d9796dadd318484905f599adaf0009debca8d641347bbb572b2d3213243a901148f2403c70f0aa7ec6dcbe4b6cb0bea908d85bcc8205db35c8b

  • SSDEEP

    3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4bfe678ed45802d9b87dc34c6c7c5b53_icedid_JC.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Program Files\Schirmer\Addison.exe
      "C:\Program Files\Schirmer\Addison.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2784

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Program Files\Schirmer\Addison.exe

    Filesize

    262KB

    MD5

    d5bb0b170edf31d356ff0de18c62e8a5

    SHA1

    2f3d0558a8f752455815a321904d2710265b4eb6

    SHA256

    c6ab61648c99283aa5660362efba43c1325f99cf8f8cecb87992bce153b1e5a1

    SHA512

    946e489a4ebb6b4af326660946f91d1038fa5b858b227b18b01bc46f426e0ee2dca005ee4126c92c08bd25549db372153689963973a545d978262d62728b3252