Overview

overview

7

Static

static

3

NEAS.2023-...JC.exe

windows7-x64

7

NEAS.2023-...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    23-10-2023 16:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2023-09-08_76f46bc4c5548e41ca2688bd61934084_icedid_JC.exe

  • Size

    412KB

  • MD5

    76f46bc4c5548e41ca2688bd61934084

  • SHA1

    05e3600483c4b4ac9cdc1b27e438adc043e92d5c

  • SHA256

    ac57b4265edfcdd8535f305b8a71f0b9e1b9f13eb4f1f6e6f9de09cd4ba70cc4

  • SHA512

    dd694969f1019b603e736789e1894e708000b60810a08272bbf4df9110f14a9e76f407b48c71fb497926311fa41d73d56517858215963fe7ecfeca7d75e12014

  • SSDEEP

    12288:5plrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:7xRQ+Fucuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-08_76f46bc4c5548e41ca2688bd61934084_icedid_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-08_76f46bc4c5548e41ca2688bd61934084_icedid_JC.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Program Files\verify\Framework.exe
      "C:\Program Files\verify\Framework.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\verify\Framework.exe
    Filesize

    412KB

    MD5

    730d69cc9954b3d94d4f0d2b3753aae9

    SHA1

    f34b9eaf5dea10c3d414a64c622dcbd30e4b21bd

    SHA256

    352a75b2610e1bf14d3f335901b0c7d218e4c465b42ee7dda8a87ae95645dc64

    SHA512

    158f43ec0e96196c2423fcc3332292d0d928cdef4c744c532967010ed4cc5903157b777c55be839fc8c840c6b02b6ced2512ea3347400d6371a446d9d2c2f1b8

    Download Submit

  • C:\Program Files\verify\Framework.exe
    Filesize

    412KB

    MD5

    730d69cc9954b3d94d4f0d2b3753aae9

    SHA1

    f34b9eaf5dea10c3d414a64c622dcbd30e4b21bd

    SHA256

    352a75b2610e1bf14d3f335901b0c7d218e4c465b42ee7dda8a87ae95645dc64

    SHA512

    158f43ec0e96196c2423fcc3332292d0d928cdef4c744c532967010ed4cc5903157b777c55be839fc8c840c6b02b6ced2512ea3347400d6371a446d9d2c2f1b8

    Download Submit

  • \Program Files\verify\Framework.exe
    Filesize

    412KB

    MD5

    730d69cc9954b3d94d4f0d2b3753aae9

    SHA1

    f34b9eaf5dea10c3d414a64c622dcbd30e4b21bd

    SHA256

    352a75b2610e1bf14d3f335901b0c7d218e4c465b42ee7dda8a87ae95645dc64

    SHA512

    158f43ec0e96196c2423fcc3332292d0d928cdef4c744c532967010ed4cc5903157b777c55be839fc8c840c6b02b6ced2512ea3347400d6371a446d9d2c2f1b8

    Download Submit

  • \Program Files\verify\Framework.exe
    Filesize

    412KB

    MD5

    730d69cc9954b3d94d4f0d2b3753aae9

    SHA1

    f34b9eaf5dea10c3d414a64c622dcbd30e4b21bd

    SHA256

    352a75b2610e1bf14d3f335901b0c7d218e4c465b42ee7dda8a87ae95645dc64

    SHA512

    158f43ec0e96196c2423fcc3332292d0d928cdef4c744c532967010ed4cc5903157b777c55be839fc8c840c6b02b6ced2512ea3347400d6371a446d9d2c2f1b8

    Download Submit