Overview

overview

7

Static

static

3

2024-01-09...id.exe

windows7-x64

7

2024-01-09...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 05:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-09_2d77041f9d466bbc42dd7a892bd2855d_icedid.exe

  • Size

    298KB

  • MD5

    2d77041f9d466bbc42dd7a892bd2855d

  • SHA1

    7f8532cb64b91a10612a29dd2ba0f6eb2dd61edf

  • SHA256

    f71295b4f241689f192cb219c84ee5a1565b7cf9302508c040698d95f90cd241

  • SHA512

    f1702dd3ec204f0316d5c9eabd498ade04c603bdc03fc01f9d1354e82f222016945f1b0e0809ad412e13ab6e9d236467ee7956be3ad3cca851f52dab46c46a0b

  • SSDEEP

    3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-09_2d77041f9d466bbc42dd7a892bd2855d_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-09_2d77041f9d466bbc42dd7a892bd2855d_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Program Files\without\having.exe
      "C:\Program Files\without\having.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\without\having.exe
    Filesize

    51KB

    MD5

    5fdc0d28150541ac91ea2cab4abb4b74

    SHA1

    76bb5fc253b0791402e44fca6444bcf386af8fbe

    SHA256

    1d53466c036f32bb00bdb7a15117a07180494aa9bbb42503a15ecb57f3a800bd

    SHA512

    c26586dbe80edb32211e889e65a8c2974dccc6e520274d2c1c0bfae531453c885b576e1f19e94cf46508e88a22af7a55107350995e28faf1859c2b17f040af1c

    Download Submit

  • C:\Program Files\without\having.exe
    Filesize

    115KB

    MD5

    52429665d5e271f13e2f05afa9a3b634

    SHA1

    1c0e0e94f1144dfa8ac14ab9452e4ef535c8f741

    SHA256

    e6bbe9c11b90ac64e1ff679380203efd9e6dbdbd5ddaafe998240d975dda59fd

    SHA512

    ef82f0347bc8de7394a5d82cc736b777c0d62c2c25f17ad620e6aa8c7c464a8d8412a77695758f035f06349c96381e2617dbd98815f04c6a233a89298e89f9d4

    Download Submit

  • \Program Files\without\having.exe
    Filesize

    63KB

    MD5

    5f6ab1c2d557c74e00905d6bbb539434

    SHA1

    cf9355477814f952882c140683b80c1691195c3e

    SHA256

    345c8572bf8b9b62bf741a1f90872ef0380eb83f3fbd0ed896c1ed37d46bd35e

    SHA512

    90a9f8de85061c746b5140975c55f24f43863b049f0f5e981fa3d74262decc82ec824cac0b5a7fd9f91cbdf1cf66a4b1b483607259529f45204c32c898641fb1

    Download Submit

  • \Program Files\without\having.exe
    Filesize

    62KB

    MD5

    27451223517179d1cc4fd5ebea97fecd

    SHA1

    6d5ebda71d7e73080d8f54805cea8f4e11c32321

    SHA256

    ff0b042edb4451e339915b0cf2b328d290ad3dd9649c94ddf78475fe82caada1

    SHA512

    28146d18b8eebdacb90d289e2d0a59a3a4dede7eedb46f7b5a2dc739876ed96bf1ffe57eda724d00e7abbac03ab36e72deb15a8fae0a3b1e499a8afdc0b1fd9f

    Download Submit