f16537dc0f6e3a811d82aeb2372420268dbb37b5a450745860bece8255d82d8e

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
05/08/2023, 11:08

Target

6c91ceefbbfa4b373533731b5f3f90ed_icedid_JC.exe
Size

260KB
MD5

6c91ceefbbfa4b373533731b5f3f90ed
SHA1

1c46b3620291549551387588ac7e39a3427ca144
SHA256

f16537dc0f6e3a811d82aeb2372420268dbb37b5a450745860bece8255d82d8e
SHA512

6ca160e56ff0e7c5a6d07b7788ff5915f58cf413d7a2d4aa15f11db31dd809d13f3fb8aca16128f3a80b2a74f183cfa8d88f9aa4bf8b33d6a759447a4c957aef
SSDEEP

3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
828	progress.exe

Loads dropped DLL 2 IoCs

pid	Process
1036	6c91ceefbbfa4b373533731b5f3f90ed_icedid_JC.exe
1036	6c91ceefbbfa4b373533731b5f3f90ed_icedid_JC.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\agreement\progress.exe	6c91ceefbbfa4b373533731b5f3f90ed_icedid_JC.exe
File created	C:\Program Files\agreement\progress.exe	6c91ceefbbfa4b373533731b5f3f90ed_icedid_JC.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1036	6c91ceefbbfa4b373533731b5f3f90ed_icedid_JC.exe
1036	6c91ceefbbfa4b373533731b5f3f90ed_icedid_JC.exe
1036	6c91ceefbbfa4b373533731b5f3f90ed_icedid_JC.exe
1036	6c91ceefbbfa4b373533731b5f3f90ed_icedid_JC.exe
828	progress.exe
828	progress.exe
828	progress.exe
828	progress.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 828	1036	6c91ceefbbfa4b373533731b5f3f90ed_icedid_JC.exe	28
PID 1036 wrote to memory of 828	1036	6c91ceefbbfa4b373533731b5f3f90ed_icedid_JC.exe	28
PID 1036 wrote to memory of 828	1036	6c91ceefbbfa4b373533731b5f3f90ed_icedid_JC.exe	28
PID 1036 wrote to memory of 828	1036	6c91ceefbbfa4b373533731b5f3f90ed_icedid_JC.exe	28

C:\Program Files\agreement\progress.exe

Filesize
260KB

MD5
6e1c9478958bb90e0864509c969af75c

SHA1
6cd3fbc399ffb67b236f0cf2e2cfe6fbf0c0ad78

SHA256
09430501912188b774ffb1282f4a8059e1038a720ced7422e77ce7f32c805680

SHA512
4dc5a9dae17fbcf3a4136c4bc3ff4f24a3c0609e2f1acb4b245c2b9ba60579c20a2543d785cb8de9fb38c7a066d5d3c648018a1f683da7f290478661a7c54c68

Download Submit
C:\Program Files\agreement\progress.exe

Filesize
260KB

MD5
6e1c9478958bb90e0864509c969af75c

SHA1
6cd3fbc399ffb67b236f0cf2e2cfe6fbf0c0ad78

SHA256
09430501912188b774ffb1282f4a8059e1038a720ced7422e77ce7f32c805680

SHA512
4dc5a9dae17fbcf3a4136c4bc3ff4f24a3c0609e2f1acb4b245c2b9ba60579c20a2543d785cb8de9fb38c7a066d5d3c648018a1f683da7f290478661a7c54c68

Download Submit
\Program Files\agreement\progress.exe

Filesize
260KB

MD5
6e1c9478958bb90e0864509c969af75c

SHA1
6cd3fbc399ffb67b236f0cf2e2cfe6fbf0c0ad78

SHA256
09430501912188b774ffb1282f4a8059e1038a720ced7422e77ce7f32c805680

SHA512
4dc5a9dae17fbcf3a4136c4bc3ff4f24a3c0609e2f1acb4b245c2b9ba60579c20a2543d785cb8de9fb38c7a066d5d3c648018a1f683da7f290478661a7c54c68

Download Submit
\Program Files\agreement\progress.exe

Filesize
260KB

MD5
6e1c9478958bb90e0864509c969af75c

SHA1
6cd3fbc399ffb67b236f0cf2e2cfe6fbf0c0ad78

SHA256
09430501912188b774ffb1282f4a8059e1038a720ced7422e77ce7f32c805680

SHA512
4dc5a9dae17fbcf3a4136c4bc3ff4f24a3c0609e2f1acb4b245c2b9ba60579c20a2543d785cb8de9fb38c7a066d5d3c648018a1f683da7f290478661a7c54c68

Download Submit