Overview

overview

7

Static

static

3

2024-01-01...id.exe

windows7-x64

7

2024-01-01...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05/01/2024, 05:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-01_38469b8d8b89207ed967b6b75e0d8c18_icedid.exe

  • Size

    303KB

  • MD5

    38469b8d8b89207ed967b6b75e0d8c18

  • SHA1

    b3833dd82dda2ff58493a4ee1b5d5fee8a6e809c

  • SHA256

    b1c5e9d400aa63241e944e131db94925e0ac1e1346b033439ae3dec92614c208

  • SHA512

    75a3c34ba5fd71c46f7b2339f41a3c3f9187ae6454599cb10baa37042fbbee620ea88c3e219029b3485641ee87de764d8a257f9e12b4c4f1d15aa71f0aec041b

  • SSDEEP

    3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_38469b8d8b89207ed967b6b75e0d8c18_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_38469b8d8b89207ed967b6b75e0d8c18_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Program Files\skipto\Call.exe
      "C:\Program Files\skipto\Call.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1724

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\skipto\Call.exe
          Filesize

          1KB

          MD5

          f8077a9002ba637816f6bc472ff1170a

          SHA1

          bc87566f4f28cb865c01d5e216c6abf5a247ba9a

          SHA256

          0fe45013a4b65e72790f7e531d58764d573b84777fc5ee62f904ff6390b8e13a

          SHA512

          394d7aaec96277052c48df7d3ab5aebf0ce2b949e429196f876dce063facaa6dbd0637b4f8db9f9d6d032c4d41cc28fca9dbae40b23366fa5be2a0d2dcdeb50d

          Download Submit

        • C:\Program Files\skipto\Call.exe
          Filesize

          17KB

          MD5

          aa1f3b66c55d18294b9961eb59c435f6

          SHA1

          e6333b22a4df747a1a2d7058671073d20ff70c1f

          SHA256

          1c61e5b509cbc6c2d847de22b893cd261de2cbc6de30015b7cdf2cf78225b506

          SHA512

          baad45ece566dee2917b0193538d180fa620629a02b445d79a8191d8a67b31662331d4eee30b343367acd84f514bf85f68e31afca45e0b906bd16c7555707852

          Download Submit

        • \Program Files\skipto\Call.exe
          Filesize

          19KB

          MD5

          43b2a9a246cd31a14cb80a7e867ff9e7

          SHA1

          7ba144acec8d6e95b0d47db856c9a89d21de155f

          SHA256

          f407b1cc64c2481bb15d425029fb9871a47ddae2862a2d63894d3dccf1d95da2

          SHA512

          491ec1311bbb0ed2b09080d420e9436f7c23f9533b2ee6e6751fd1a3ba4e7bb472af32214c12b3dc0b42af5ce3f424c4280a86cea0abf64bb7312a2298097a5e

          Download Submit

        • \Program Files\skipto\Call.exe
          Filesize

          5KB

          MD5

          9378f2e26ad6cd5196bf3b68b91f8263

          SHA1

          8719d4f6d5710b4d5180cbdeb537a0b66579d690

          SHA256

          328b5beab56ab81f3445298a97671cdb2d75ded8fa8f2cb6ccc7d32ee8cbc35e

          SHA512

          392ae31bcdba00b115d08f2c3960904066e779d480770ca3486d21719eecc37f54545c75cbc56e43f53f8f74a162c97592e65e82f0fed07d71babb8be29f9f22

          Download Submit