Overview

overview

7

Static

static

3

2024-01-09...id.exe

windows7-x64

7

2024-01-09...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2024 05:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-09_2710bc1b7fdb643a7621c982d6a6d768_icedid.exe

  • Size

    387KB

  • MD5

    2710bc1b7fdb643a7621c982d6a6d768

  • SHA1

    11eea2d5b91a8ec8157559940e0e0cda715b8976

  • SHA256

    c203b978a033bd3b14b1c9c29ab67dd5228e81c4cd0b1a2ae9e477657759b65a

  • SHA512

    84d56090cba004963154532b22465c8b3cb59c4887b028eb8c2dc42b5a1c8230f1a7a33615facdcb071990349e01ec1b930a5d056cf6ca74985a385391f20e1c

  • SSDEEP

    12288:eplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:KxRQ+Fucuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-09_2710bc1b7fdb643a7621c982d6a6d768_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-09_2710bc1b7fdb643a7621c982d6a6d768_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Program Files\recommend\footprint.exe
      "C:\Program Files\recommend\footprint.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\recommend\footprint.exe
    Filesize

    43KB

    MD5

    f0e20d7ecc51014f348ab7dc668316ef

    SHA1

    ed2dc1bd43687611ab019a0a24aeac3dba88c3d8

    SHA256

    afa4d55da5e608803e4d4cac1aa8691c7467e9befb36f1a7e96dd39b47c5477a

    SHA512

    c5c6c86750cf050cb41f57bd822d0e7f5d4beaead9b7edd1ebdce15d8ba1f7f719e800ac6f1611ff0c868a154626a7d1133530d6b14cafdc1e7ef4e19d7de76f

    Download Submit

  • C:\Program Files\recommend\footprint.exe
    Filesize

    55KB

    MD5

    052616a36024a7579a28c162de2fc59c

    SHA1

    2e94e12600e7cca013571a2832cc97c39d93e07a

    SHA256

    333e06a2ceff0d96cc38afad46fd904e2640c7599052174da0e0953f1182e154

    SHA512

    3c405ea905613c0762fd1f3675172d8d894893b75cf6885c6257c324d425413ce4b4cab70c496b9b7ce75c9aca5941f6dee60496213ce2d2e0ac03ed12eebae6

    Download Submit

  • \Program Files\recommend\footprint.exe
    Filesize

    45KB

    MD5

    3dcb09fcf6f6b8a33ed09dbd8cdb3c2f

    SHA1

    f2841188b3f3877a9bce26cbf0da049bc826ed9e

    SHA256

    3384cbfd600dab3e54f621c574ae20acedcb83e81d997884b2fc9d0f668e5e52

    SHA512

    bff818d4001a89e908a0fbf44548a1033fcd4ba4ffc940fd9aec4287a039c2dee3cd017d60f0246bf6ef851343686e194d4def4e5c4103ccdd4130a87baa03c0

    Download Submit

  • \Program Files\recommend\footprint.exe
    Filesize

    88KB

    MD5

    587d9b9815e8fc062ed215afe84a0e65

    SHA1

    61f39e647c5856070946cfc9fbeb393ad4f9182b

    SHA256

    119603ba45ea147ff3e683284232376dd44fc5899a6e95599ca8d4e77f43731c

    SHA512

    998b8e60cf8676d7f0e47a3c5acd97d88ac3a4695788950e81aa8bbce95ce262e353133d91d85468b1c312094b94a7bc1027684f84f5f3fe75aa95f5556fa9c2

    Download Submit