Analysis
-
max time kernel
157s
-
max time network
172s
-
platform
windows10-2004_x64
-
resource
win10v2004-20231215-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
09-01-2024 06:38
Static task
static1
Behavioral task
behavioral1
Sample
2024-01-08_31543c5c6e210c7747973ba7ec6d834d_icedid.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-08_31543c5c6e210c7747973ba7ec6d834d_icedid.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-01-08_31543c5c6e210c7747973ba7ec6d834d_icedid.exe
-
Size
304KB
-
MD5
31543c5c6e210c7747973ba7ec6d834d
-
SHA1
b7bd14582b3b26743b4047e2be1be99c3ff1e0d0
-
SHA256
d3b03b08974586b55bb18b5e306fafc13a991934dc527fc2d94c020be546a539
-
SHA512
bb682a529898e4afafe79c264240409e23abb4ee75cd39bb4bc5009ac8e0b451b287136226367adde50e17b00d9f404675c79d4265e760a536c2b84605948bd5
-
SSDEEP
3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid   Process
4648  integrate.exe
-
Drops file in Program Files directory 2 IoCs
description                   ioc                                   Process
File created                  C:\Program Files\boxes\integrate.exe  2024-01-08_31543c5c6e210c7747973ba7ec6d834d_icedid.exe
File opened for modification  C:\Program Files\boxes\integrate.exe  2024-01-08_31543c5c6e210c7747973ba7ec6d834d_icedid.exe
-
Suspicious use of SetWindowsHookEx 8 IoCs
pid   Process                                                  hits
4268  2024-01-08_31543c5c6e210c7747973ba7ec6d834d_icedid.exe  4
4648  integrate.exe                                            4
-
Suspicious use of WriteProcessMemory 3 IoCs
description                       pid   Process                                                  procid_target  hits
PID 4268 wrote to memory of 4648  4268  2024-01-08_31543c5c6e210c7747973ba7ec6d834d_icedid.exe  90             3
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-08_31543c5c6e210c7747973ba7ec6d834d_icedid.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-08_31543c5c6e210c7747973ba7ec6d834d_icedid.exe"
Depth: 1
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4268
-
  C:\Program Files\boxes\integrate.exe
  Command line: "C:\Program Files\boxes\integrate.exe" "33201"
  Depth: 2 (child of PID 4268)
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4648
-
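The two behaviours the report chains together (the sample writes integrate.exe under C:\Program Files\boxes\ and then launches it with the argument "33201") can be reproduced as a detection outside the sandbox. The script below is an added example and is not part of the sandbox report or its signature engine: it correlates Sysmon-style FileCreate (EventID 11) and ProcessCreate (EventID 1) records to flag a dropped-then-executed binary, and checks process hashes against the sample hashes listed in the General section. The event records are constructed to mirror the report's process tree; the parent PID of the sample, the unrelated notepad.exe event, and the Sysmon-style "Hashes" field formatting are assumptions, and no hash is given for the dropped integrate.exe because the report does not state one.

```python
"""Added example: dropped-then-executed correlation over constructed Sysmon-style events.

Not code from the sandbox report. Field names follow Sysmon conventions
(EventID, ProcessId, ParentProcessId, Image, TargetFilename, CommandLine, Hashes);
PIDs 4268/4648 and the paths come from the report, everything else is constructed.
"""
from __future__ import annotations

# Hashes of the sample as listed in the report's General section.
SAMPLE_HASHES = {
    "MD5": "31543c5c6e210c7747973ba7ec6d834d",
    "SHA1": "b7bd14582b3b26743b4047e2be1be99c3ff1e0d0",
    "SHA256": "d3b03b08974586b55bb18b5e306fafc13a991934dc527fc2d94c020be546a539",
}

PROGRAM_FILES_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")

SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\2024-01-08_31543c5c6e210c7747973ba7ec6d834d_icedid.exe"
DROPPED_IMAGE = r"C:\Program Files\boxes\integrate.exe"

# Constructed events (EventID 1 = ProcessCreate, 11 = FileCreate).
EVENTS = [
    # Sample starts. ParentProcessId 1000 is an assumption; the hashes are the report's.
    {"EventID": 1, "ProcessId": 4268, "ParentProcessId": 1000, "Image": SAMPLE_IMAGE,
     "CommandLine": f'"{SAMPLE_IMAGE}"',
     "Hashes": "MD5=31543C5C6E210C7747973BA7EC6D834D,SHA1=B7BD14582B3B26743B4047E2BE1BE99C3FF1E0D0"},
    # Sample writes the payload into Program Files (report: "File created").
    {"EventID": 11, "ProcessId": 4268, "Image": SAMPLE_IMAGE, "TargetFilename": DROPPED_IMAGE},
    # Sample launches the dropped file with the argument seen in the report.
    {"EventID": 1, "ProcessId": 4648, "ParentProcessId": 4268, "Image": DROPPED_IMAGE,
     "CommandLine": f'"{DROPPED_IMAGE}" "33201"'},
    # Unrelated benign process (constructed); must not match.
    {"EventID": 1, "ProcessId": 5000, "ParentProcessId": 1000,
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]


def parse_sysmon_hashes(field: str) -> dict[str, str]:
    """Turn Sysmon's 'MD5=...,SHA256=...' string into {ALGO: lowercase hex}."""
    out: dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def find_dropped_and_executed(events: list[dict]) -> list[dict]:
    """Flag ProcessCreate events whose image was written earlier by a FileCreate event.

    Events are assumed to be in chronological order. Each finding records who
    dropped the file, whether the dropper itself launched it (the parent/child
    link the report shows via WriteProcessMemory), and whether the path sits
    under Program Files, which a non-installer process has little reason to write.
    """
    dropped: dict[str, int] = {}  # normalized path -> PID that created it
    findings = []
    for ev in events:
        if ev["EventID"] == 11:
            dropped[ev["TargetFilename"].lower()] = ev["ProcessId"]
        elif ev["EventID"] == 1:
            image = ev["Image"].lower()
            if image in dropped:
                findings.append({
                    "dropper_pid": dropped[image],
                    "child_pid": ev["ProcessId"],
                    "path": ev["Image"],
                    "launched_by_dropper": ev.get("ParentProcessId") == dropped[image],
                    "in_program_files": image.startswith(PROGRAM_FILES_PREFIXES),
                    "command_line": ev.get("CommandLine", ""),
                })
    return findings


def match_ioc_hashes(events: list[dict], ioc_hashes: dict[str, str]) -> list[int]:
    """Return PIDs of ProcessCreate events whose Hashes field matches any IoC hash.

    Any single algorithm matching is enough: telemetry often carries only a
    subset of MD5/SHA1/SHA256, so requiring all of them would miss real hits.
    """
    wanted = {k.upper(): v.lower() for k, v in ioc_hashes.items()}
    hits = []
    for ev in events:
        if ev["EventID"] != 1 or "Hashes" not in ev:
            continue
        seen = parse_sysmon_hashes(ev["Hashes"])
        if any(seen.get(algo) == val for algo, val in wanted.items()):
            hits.append(ev["ProcessId"])
    return hits


if __name__ == "__main__":
    for finding in find_dropped_and_executed(EVENTS):
        print("dropped-and-executed:", finding)
    print("IoC hash hits:", match_ioc_hashes(EVENTS, SAMPLE_HASHES))
```

Run against the constructed events, the correlation yields one finding (dropper PID 4268, child PID 4648, launched by the dropper, under Program Files, command line carrying "33201"), and the hash check reports PID 4268 only. The hash match is the brittle half of this: a recompiled IcedID loader will not share these hashes, whereas the drop-into-Program-Files-then-execute pattern with a bare numeric argument survives re-packing and is the part worth turning into a standing rule.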
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
145KB
MD5
cdc298c5f35042d9bca146081ad86aee
SHA1
4a53827caf920a6cca9a4fedbe55a58831590f94
SHA256
7591fbde6ca3a5b797a3cb806c7014010e9a6c6d246aeb2b6473de082e85e369
SHA512
bd866fc7eee00c3679593b8e87690b105efc501cf848d60e46e323b9f228a953977e739a800a3792741e56aaa6309207d14c894d7a50ceb077ce4ff83d6fc899
-
Filesize
212KB
MD5
e4e3d113016ce53e2093a198ab9191f1
SHA1
1486f733a41f3a63e2c555e38dd1f93cf0dcccba
SHA256
e735a9d3cf8e23fd5211fcd31f588544e5781c2ceaf59b7483d96f2f2eb854c8
SHA512
d6ae9c17c5e48eb580ee671f3408a0fc61af97041f1bc3cf64360fc289297e213fc2fc975a9a46246bc9826145309641807635d641a335336fdc0c81981d7134