Overview

overview

7

Static

static

3

2024-01-01...id.exe

windows7-x64

7

2024-01-01...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    82s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-01-2024 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-01_a3405d7e225a73752d529d50eb2f6760_icedid.exe

  • Size

    303KB

  • MD5

    a3405d7e225a73752d529d50eb2f6760

  • SHA1

    72ff985ff11ddafc8973457f2a7960872fa3af1d

  • SHA256

    1fcd7fdca4e466378bb3da7cff3ae8ccbcbce2cef88f8e6e07ea942af9af58fc

  • SHA512

    0b373429c8ea02d4937ca94aa4df5b50101f9c5ab4598df4d865d048d96c8c77db5435e97ffdb0b24f02b3aa124421a963e51281fc28fa0baaf95559b50d67ff

  • SSDEEP

    3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_a3405d7e225a73752d529d50eb2f6760_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_a3405d7e225a73752d529d50eb2f6760_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Program Files\skipto\Call.exe
      "C:\Program Files\skipto\Call.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\skipto\Call.exe
    Filesize

    13KB

    MD5

    b1f9470314a6247545b5991d18f1a1d5

    SHA1

    3a376f0b8093d8ffe0c0438c93cfd31663e36674

    SHA256

    7f0a196f308030d272880ee37905a7efd084ea2e5f272fe0b674adb5542e6787

    SHA512

    62d38208ef556ade5142f1accb6cf04375c4e784b29a6ca15ecdcc3276d7e7a532915ee464424c0cdf9483f1b091290fbfacb8f4dbffea2ea14292ab9004905d

    Download Submit

  • C:\Program Files\skipto\Call.exe
    Filesize

    1KB

    MD5

    f8077a9002ba637816f6bc472ff1170a

    SHA1

    bc87566f4f28cb865c01d5e216c6abf5a247ba9a

    SHA256

    0fe45013a4b65e72790f7e531d58764d573b84777fc5ee62f904ff6390b8e13a

    SHA512

    394d7aaec96277052c48df7d3ab5aebf0ce2b949e429196f876dce063facaa6dbd0637b4f8db9f9d6d032c4d41cc28fca9dbae40b23366fa5be2a0d2dcdeb50d

    Download Submit