Overview

overview

7

Static

static

3

a0196ae0f9...JC.exe

windows7-x64

7

a0196ae0f9...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    26/08/2023, 12:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a0196ae0f918991beae0def1e48ccc76_icedid_JC.exe

  • Size

    3.8MB

  • MD5

    a0196ae0f918991beae0def1e48ccc76

  • SHA1

    9f37c7f693f914bd3dda54b53f55b4b57bc4d079

  • SHA256

    2261f7342d57cc4e728ae7071b245e7cf729875980c4128413e19a4e97e122f6

  • SHA512

    0d9e201ed642cb6a4b507041795f0956729d7f8935a9036bc4c07e2662abac6543d688ad78680d1d8000002518fc2107f7143cfd70c0f2e6e7636fc1fc28888e

  • SSDEEP

    98304:4Hr27FFVleS9nBFAUr9PyJxwf+ZSWLlbygg3hR/CcXAYseFqoe0Dh4:9BFAAyJxwf+ZoD/COFqoe0Dy

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0196ae0f918991beae0def1e48ccc76_icedid_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\a0196ae0f918991beae0def1e48ccc76_icedid_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2900
    • C:\Users\Admin\AppData\Local\Temp\Pharos\PrnInstall.exe
      "C:\Users\Admin\AppData\Local\Temp\Pharos\PrnInstall.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2044

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Pharos\PrnInstall.exe
          Filesize

          1.8MB

          MD5

          50b4d4b29a95a69db2aa1a1eea3ee5d7

          SHA1

          03c5dd378bcdc4c486dab3d6e8ff7d775a1e8b4d

          SHA256

          18247eb953a221a2af2b8f18342d2d0f6f8aaf64a44e4ec26be8191628b85e38

          SHA512

          dad0b44b4bbf1fc028ffa49e975abb2891a174b15c4282d9db0a113fc5fa9d9e1c7304c16bb9581d214727908103dfc3219e297bd988d7d63c924c8f391797df

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Pharos\printer.xml
          Filesize

          394KB

          MD5

          b4637ae20f10c035e0c74ef7ca17b700

          SHA1

          dc8f8ca50eb9ca9ea87a3de7770b1e6da7cd7bcc

          SHA256

          77875b33da70216d52b7bb50400c2202240acba8c7298c9d8b9c83f574c4ddd7

          SHA512

          26aa43cd7a08ce8cfb31a0706bee572252738d7f9fe0644b7466abf4ded32eb8530545c230f8e5be467a11be4c9073e89da4a14f3355e551396633fe50fcfcd6

          Download Submit

        • \Users\Admin\AppData\Local\Temp\Pharos\PrnInstall.exe
          Filesize

          1.8MB

          MD5

          50b4d4b29a95a69db2aa1a1eea3ee5d7

          SHA1

          03c5dd378bcdc4c486dab3d6e8ff7d775a1e8b4d

          SHA256

          18247eb953a221a2af2b8f18342d2d0f6f8aaf64a44e4ec26be8191628b85e38

          SHA512

          dad0b44b4bbf1fc028ffa49e975abb2891a174b15c4282d9db0a113fc5fa9d9e1c7304c16bb9581d214727908103dfc3219e297bd988d7d63c924c8f391797df

          Download Submit