Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-10-2023 20:24

General

  • Target

    NEAS.2023-09-07_1faf0e572b708195e4c98e1a84472108_icedid_JC.exe

  • Size

    379KB

  • MD5

    1faf0e572b708195e4c98e1a84472108

  • SHA1

    73cb138ba2912198f891035899cc8e0e30398e58

  • SHA256

    e33ae53f128be1c20f6ff6f365d38aafae16cb05e0ca72ffe5aaece663dd5a6a

  • SHA512

    f3b30f4b290d032dcf5938a37ad0a18bdfd4d84fd5c820166238bf2cee1ec5bcdeb951ff5211ac5e406c3f63f0e64ea13aac57d3d73acbbbf6275d6734ed42a4

  • SSDEEP

    6144:/plrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:/plrVbDdQaqdS/ofraFErH8uB2Wm0SXj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Drops file in Program Files directory (1 IoC)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-07_1faf0e572b708195e4c98e1a84472108_icedid_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-07_1faf0e572b708195e4c98e1a84472108_icedid_JC.exe"
    1
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Program Files\Call\command.exe
      "C:\Program Files\Call\command.exe" "33201"
      2
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3392

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Program Files\Call\command.exe

    Filesize

    379KB

    MD5

    215f30e97528e3fc9ff5145c4d217f6e

    SHA1

    151d5b5cef1130932f9f1df59eb3b67f30d90a2e

    SHA256

    7616be3c454eac36e49388efd9b0649213db9f6761a4645a08832638ffd75edb

    SHA512

    132294d8dee4001c61c5c6d365a502ec5af39034a20100b68f745658ca24b35851f57f2e1381930d2a567d1587e9e6b7d98d89773417d30c303607fdd3f0c816