Overview

overview

7

Static

static

3

a0784f4b4c...JC.exe

windows7-x64

7

a0784f4b4c...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    26/08/2023, 13:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a0784f4b4cf5806c91ab1ac486961d12_icedid_JC.exe

  • Size

    407KB

  • MD5

    a0784f4b4cf5806c91ab1ac486961d12

  • SHA1

    070593aba7c20796f3adb378f5c473b3b10b57d2

  • SHA256

    3420fca263ba239fd6dd136975267d5a96c0d0f8c1e0bd8c0f48e696f501ebbe

  • SHA512

    8a0cf6961de890523072442c757202207785ede19f5cadceb209b51ff0ca928d5acbd1d878c299ce43c95859f8e3e30a18e56a5c168235b4cfcf4ef2bff4e4ac

  • SSDEEP

    12288:EplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:AxRQ+Fucuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0784f4b4cf5806c91ab1ac486961d12_icedid_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\a0784f4b4cf5806c91ab1ac486961d12_icedid_JC.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Program Files\Korean\Polish.exe
      "C:\Program Files\Korean\Polish.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:620

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Korean\Polish.exe
          Filesize

          407KB

          MD5

          8fbe007448ddce1795e5fd7b19393eeb

          SHA1

          7eaa83b409c28009542231daa5d6e774bd1cf522

          SHA256

          815daa82cdd4d9362b2411b4844d37cd21386565c3690ad973e7352c01f69735

          SHA512

          1882c5693138af4f1b88194690e56991f1f4881b22bcbd59e5a569bce9fc28007632f1ec829b85656e32a036e6e9ab7a2eb8bb3fb0ecee8e5fb84591a740bf51

          Download Submit

        • C:\Program Files\Korean\Polish.exe
          Filesize

          407KB

          MD5

          8fbe007448ddce1795e5fd7b19393eeb

          SHA1

          7eaa83b409c28009542231daa5d6e774bd1cf522

          SHA256

          815daa82cdd4d9362b2411b4844d37cd21386565c3690ad973e7352c01f69735

          SHA512

          1882c5693138af4f1b88194690e56991f1f4881b22bcbd59e5a569bce9fc28007632f1ec829b85656e32a036e6e9ab7a2eb8bb3fb0ecee8e5fb84591a740bf51

          Download Submit

        • \Program Files\Korean\Polish.exe
          Filesize

          407KB

          MD5

          8fbe007448ddce1795e5fd7b19393eeb

          SHA1

          7eaa83b409c28009542231daa5d6e774bd1cf522

          SHA256

          815daa82cdd4d9362b2411b4844d37cd21386565c3690ad973e7352c01f69735

          SHA512

          1882c5693138af4f1b88194690e56991f1f4881b22bcbd59e5a569bce9fc28007632f1ec829b85656e32a036e6e9ab7a2eb8bb3fb0ecee8e5fb84591a740bf51

          Download Submit

        • \Program Files\Korean\Polish.exe
          Filesize

          407KB

          MD5

          8fbe007448ddce1795e5fd7b19393eeb

          SHA1

          7eaa83b409c28009542231daa5d6e774bd1cf522

          SHA256

          815daa82cdd4d9362b2411b4844d37cd21386565c3690ad973e7352c01f69735

          SHA512

          1882c5693138af4f1b88194690e56991f1f4881b22bcbd59e5a569bce9fc28007632f1ec829b85656e32a036e6e9ab7a2eb8bb3fb0ecee8e5fb84591a740bf51

          Download Submit