2ab207f72fbee0959fee2e9e24ef94b82107e4d6427299bd247ff39a113c91b4

Analysis

max time kernel
147s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2023, 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2023-08-27_3dc49cafcffcdceff64305268c2719b0_icedid_JC.exe
Size

282KB
MD5

3dc49cafcffcdceff64305268c2719b0
SHA1

1e2d857de8913dc1017aa1a20abf0fa9a652ce13
SHA256

2ab207f72fbee0959fee2e9e24ef94b82107e4d6427299bd247ff39a113c91b4
SHA512

1ef1d600f478630b3bb5a89a57930752bd7ce3b3fea7abf4091d1b0eeac2c26b0cadf1b92dda8301a1e0f387a96d293b954620d7dd778a7f4c44bbffe4e2d488
SSDEEP

3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4148	Platform.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\convention\Platform.exe	2023-08-27_3dc49cafcffcdceff64305268c2719b0_icedid_JC.exe
File opened for modification	C:\Program Files\convention\Platform.exe	2023-08-27_3dc49cafcffcdceff64305268c2719b0_icedid_JC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1892	svchost.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3864	2023-08-27_3dc49cafcffcdceff64305268c2719b0_icedid_JC.exe
3864	2023-08-27_3dc49cafcffcdceff64305268c2719b0_icedid_JC.exe
3864	2023-08-27_3dc49cafcffcdceff64305268c2719b0_icedid_JC.exe
3864	2023-08-27_3dc49cafcffcdceff64305268c2719b0_icedid_JC.exe
4148	Platform.exe
4148	Platform.exe
4148	Platform.exe
4148	Platform.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3864 wrote to memory of 4148	3864	2023-08-27_3dc49cafcffcdceff64305268c2719b0_icedid_JC.exe	85
PID 3864 wrote to memory of 4148	3864	2023-08-27_3dc49cafcffcdceff64305268c2719b0_icedid_JC.exe	85
PID 3864 wrote to memory of 4148	3864	2023-08-27_3dc49cafcffcdceff64305268c2719b0_icedid_JC.exe	85

C:\Users\Admin\AppData\Local\Temp\2023-08-27_3dc49cafcffcdceff64305268c2719b0_icedid_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2023-08-27_3dc49cafcffcdceff64305268c2719b0_icedid_JC.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Program Files\convention\Platform.exe
  "C:\Program Files\convention\Platform.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4148

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1348

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\convention\Platform.exe

Filesize
283KB

MD5
92828068040c1b590daac78c77f6c5b0

SHA1
60fae1e177a2299371c8704c6a5b493cda1cedca

SHA256
eb6564958fca839d34ba14577cb2d3e429d2ccfd735c3c8b87d998262f35e1bd

SHA512
b0423dde67d6f4d57524be4d853cd602b0e8e576dc4386adcb7da28e689b885cbd2f5e6c2efa15ac15fd072b24c8365f0656a5c8b24d2fced664b1bc4e103de5

Download Submit
C:\Program Files\convention\Platform.exe

Filesize
283KB

MD5
92828068040c1b590daac78c77f6c5b0

SHA1
60fae1e177a2299371c8704c6a5b493cda1cedca

SHA256
eb6564958fca839d34ba14577cb2d3e429d2ccfd735c3c8b87d998262f35e1bd

SHA512
b0423dde67d6f4d57524be4d853cd602b0e8e576dc4386adcb7da28e689b885cbd2f5e6c2efa15ac15fd072b24c8365f0656a5c8b24d2fced664b1bc4e103de5

Download Submit
memory/1892-5-0x0000029006440000-0x0000029006450000-memory.dmp

Filesize
64KB

Download
memory/1892-21-0x0000029006540000-0x0000029006550000-memory.dmp

Filesize
64KB

Download
memory/1892-37-0x000002900EB20000-0x000002900EB21000-memory.dmp

Filesize
4KB

Download
memory/1892-38-0x000002900EB50000-0x000002900EB51000-memory.dmp

Filesize
4KB

Download
memory/1892-39-0x000002900EB50000-0x000002900EB51000-memory.dmp

Filesize
4KB

Download
memory/1892-40-0x000002900EB50000-0x000002900EB51000-memory.dmp

Filesize
4KB

Download
memory/1892-41-0x000002900EB50000-0x000002900EB51000-memory.dmp

Filesize
4KB

Download
memory/1892-42-0x000002900EB50000-0x000002900EB51000-memory.dmp

Filesize
4KB

Download
memory/1892-43-0x000002900EB50000-0x000002900EB51000-memory.dmp

Filesize
4KB

Download
memory/1892-44-0x000002900EB50000-0x000002900EB51000-memory.dmp

Filesize
4KB

Download
memory/1892-45-0x000002900EB50000-0x000002900EB51000-memory.dmp

Filesize
4KB

Download
memory/1892-46-0x000002900EB50000-0x000002900EB51000-memory.dmp

Filesize
4KB

Download
memory/1892-47-0x000002900EB50000-0x000002900EB51000-memory.dmp

Filesize
4KB

Download
memory/1892-48-0x000002900E770000-0x000002900E771000-memory.dmp

Filesize
4KB

Download
memory/1892-49-0x000002900E760000-0x000002900E761000-memory.dmp

Filesize
4KB

Download
memory/1892-51-0x000002900E770000-0x000002900E771000-memory.dmp

Filesize
4KB

Download
memory/1892-54-0x000002900E760000-0x000002900E761000-memory.dmp

Filesize
4KB

Download
memory/1892-57-0x000002900E6A0000-0x000002900E6A1000-memory.dmp

Filesize
4KB

Download
memory/1892-69-0x000002900E8A0000-0x000002900E8A1000-memory.dmp

Filesize
4KB

Download
memory/1892-71-0x000002900E8B0000-0x000002900E8B1000-memory.dmp

Filesize
4KB

Download
memory/1892-72-0x000002900E8B0000-0x000002900E8B1000-memory.dmp

Filesize
4KB

Download
memory/1892-73-0x000002900E9C0000-0x000002900E9C1000-memory.dmp

Filesize
4KB

Download