d5290fdaf9a6a287dd2af73015130a6ec7cba0be5abf37fbcdb98c7ac98e2de9

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
26-08-2023 19:35

Target

a517fd97d08930d22c443068784ac71e_icedid_JC.exe
Size

10.0MB
MD5

a517fd97d08930d22c443068784ac71e
SHA1

ca146e4d1dda85484449739f25141301f7e504b9
SHA256

d5290fdaf9a6a287dd2af73015130a6ec7cba0be5abf37fbcdb98c7ac98e2de9
SHA512

0ead21e1c11b72b59ca2ce9b0ea333f61381b8b10724bfcef322c116006928b306d53bc24fc43ed98ab16116b08f292fb628fb0d6896494e8a5d19a3e3ca6b28
SSDEEP

196608:dVO93n3MMfaVUGN6AIy12SGf5rlWYDLZ4njgwYYa5fDM2xAl8RFerxmSiQYJG0:detfghIC2ldlWYDOnK9DM4WrE9Jv

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
800	1448	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 13 IoCs

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1448	a517fd97d08930d22c443068784ac71e_icedid_JC.exe
1448	a517fd97d08930d22c443068784ac71e_icedid_JC.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 800	1448	a517fd97d08930d22c443068784ac71e_icedid_JC.exe	28
PID 1448 wrote to memory of 800	1448	a517fd97d08930d22c443068784ac71e_icedid_JC.exe	28
PID 1448 wrote to memory of 800	1448	a517fd97d08930d22c443068784ac71e_icedid_JC.exe	28
PID 1448 wrote to memory of 800	1448	a517fd97d08930d22c443068784ac71e_icedid_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\a517fd97d08930d22c443068784ac71e_icedid_JC.exe
"C:\Users\Admin\AppData\Local\Temp\a517fd97d08930d22c443068784ac71e_icedid_JC.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 456
  2⤵
  - Program crash
  PID:800