Overview

overview

7

Static

static

3

2024-01-01...id.exe

windows7-x64

7

2024-01-01...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05-01-2024 05:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-01_5fd8283e7816c9fb126722a6bd2b1faf_icedid.exe

  • Size

    383KB

  • MD5

    5fd8283e7816c9fb126722a6bd2b1faf

  • SHA1

    a3963fdf8dcb196626c8668707c90a3e5ba6879b

  • SHA256

    4c543a6ed398fb05c2151b4cdb460a69684f903bebfe0e1f490175c4492d4135

  • SHA512

    f6208e69081adacb999d4dfc7b817b1c3a95bf2d88f97df282ac413f130c403f161da15e5c2b76e002ee657ae34ea3ab481c196507a8c67e5a060a90316590bb

  • SSDEEP

    6144:bplrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:bplrVbDdQaqdS/ofraFErH8uB2Wm0SXj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_5fd8283e7816c9fb126722a6bd2b1faf_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_5fd8283e7816c9fb126722a6bd2b1faf_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Program Files\Typically\present.exe
      "C:\Program Files\Typically\present.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Typically\present.exe
    Filesize

    92KB

    MD5

    080f0f172f87a2c99a0b356ceb6ce8e2

    SHA1

    36bea81db42853554086e1e0db967fc8ec53baae

    SHA256

    d3ac7ba8206e4c15c16b9b52a7d5bc1fd6bbdd1ca16a336548f9d3a69b78da99

    SHA512

    9c2fa58e7ef0c105d2fa830e54f844c743a10b252b241dc1bef4abd2823dcd582d9a3ff803e1572eb543777d6bdaef74ffac22374fb526652d46def617a2a3b4

    Download Submit

  • C:\Program Files\Typically\present.exe
    Filesize

    48KB

    MD5

    417bd72a5e62251f19104b10ee46f3ab

    SHA1

    694ee01d287d7957b7b404d8efafbed986af1931

    SHA256

    08b267518700ea2a55dfca267670d518a97f9460983e8a2c7d17c4155c8237d2

    SHA512

    8b15b2ecc21f8603daf7d0ce8e8d700ae28f2d9f05fd8b8a89aeabf2b638c1b756e1137e3d05f609040ba7b4b91c537d3780dda0559ae97cf6a071a628ba4261

    Download Submit

  • \Program Files\Typically\present.exe
    Filesize

    39KB

    MD5

    0eabc12292c70d4a418dc9aa447a66e1

    SHA1

    f7fb20398a5b2e2cc592181fb65bb63c67f680e2

    SHA256

    cda2b4c1b482578c13d3c1110358fec6e568abf6dec21d3f2a394891a95eb9ec

    SHA512

    ccac23eaac25405f0cb07a3e6eee850290e8a7ee8039e8862490cabbc2333148a8e15d3c5748067f5742a7aff1f00c8b7ac8eb4e615fd527f9aaa48cc283f5b8

    Download Submit

  • \Program Files\Typically\present.exe
    Filesize

    25KB

    MD5

    6f9600e8d2bf1853ea004d576ebf1b5f

    SHA1

    7e337637a13933f788458c787fb0ccd4cd6a54ae

    SHA256

    efa3f72bb684543a28f66a73a5e3a3449d0a32d3b7b57ea773f1339213e8c78f

    SHA512

    30c1bbb5cf65cef5f7ffd6bd6f78dde2b28cf79f58fa9a183e23b1e9c78706e842eb4ae87817b10702f8f2e706d29a690bd2caa30468f1fd0fb9034712aa483e

    Download Submit