Overview

overview

7

Static

static

3

379bc7f46f...JC.exe

windows7-x64

7

379bc7f46f...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2023, 17:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    379bc7f46fe12bfa51a84d8e4676009c_icedid_JC.exe

  • Size

    3.9MB

  • MD5

    379bc7f46fe12bfa51a84d8e4676009c

  • SHA1

    ff9c574e88262e64ef932b8c94a83a32dccfdb41

  • SHA256

    6d3fd1ba56b0a487471996aadb9208f840ea63fae24ecedbf0ee9deb5032994c

  • SHA512

    ba12599b8137d719c18e428ec7e3993d4f417d0e38cfa0d8122c503d04e94595eefdc1cb63c15e29dd60a5f9967dba92bad0f128072c572dcb292f93cdd2eca1

  • SSDEEP

    98304:4Hr27FFVleS9nBFAUr9PyJxwf+8SWLlbygg3hR/CcXAYseFqoe0DhQ:9BFAAyJxwf+8oD/COFqoe0DC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Pharos\PrnInstall.exe
    "C:\Users\Admin\AppData\Local\Temp\Pharos\PrnInstall.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    PID:1764
  • C:\Users\Admin\AppData\Local\Temp\379bc7f46fe12bfa51a84d8e4676009c_icedid_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\379bc7f46fe12bfa51a84d8e4676009c_icedid_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Pharos\PrnInstall.exe
    Filesize

    1.8MB

    MD5

    50b4d4b29a95a69db2aa1a1eea3ee5d7

    SHA1

    03c5dd378bcdc4c486dab3d6e8ff7d775a1e8b4d

    SHA256

    18247eb953a221a2af2b8f18342d2d0f6f8aaf64a44e4ec26be8191628b85e38

    SHA512

    dad0b44b4bbf1fc028ffa49e975abb2891a174b15c4282d9db0a113fc5fa9d9e1c7304c16bb9581d214727908103dfc3219e297bd988d7d63c924c8f391797df

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Pharos\printer.xml
    Filesize

    484KB

    MD5

    a734bdff7562d4f8c4d3ce1cb08a0a8e

    SHA1

    09f28920a9e2ae2ab157757ad52fa2b46ebc9f37

    SHA256

    477da8d9d47407e475e0bb3d2a7ff48b8d5606d79b06b03b7d2866440f4b3341

    SHA512

    199009d20be4268b0d2b3684fe6a0b3425a8b1b77d152295e8fec280e2db7b79dd10519b6cc5e8ebf4ba2af60ccd96d6e986b7e78bcb944910411e87731ef236

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Pharos\PrnInstall.exe
    Filesize

    1.8MB

    MD5

    50b4d4b29a95a69db2aa1a1eea3ee5d7

    SHA1

    03c5dd378bcdc4c486dab3d6e8ff7d775a1e8b4d

    SHA256

    18247eb953a221a2af2b8f18342d2d0f6f8aaf64a44e4ec26be8191628b85e38

    SHA512

    dad0b44b4bbf1fc028ffa49e975abb2891a174b15c4282d9db0a113fc5fa9d9e1c7304c16bb9581d214727908103dfc3219e297bd988d7d63c924c8f391797df

    Download Submit