bd9aec638469931ecda9916722071029889d498f55b4191cae4208a65dd0e54e

Analysis

max time kernel
171s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 05:54

Target

2024-01-10_a0646cbf8fcedfa47ccec7109fd4650c_icedid.exe
Size

266KB
MD5

a0646cbf8fcedfa47ccec7109fd4650c
SHA1

98b6100c841c2452ec4fb73bca5482ac3af0686b
SHA256

bd9aec638469931ecda9916722071029889d498f55b4191cae4208a65dd0e54e
SHA512

813b60d832c8cff0cd8a9013a33bc4867ab6a55fc2813e6dc24f6312a1331eb06dbcd128be84784467b4c3f7da80522d5f7cc8d8b29377134b02d25c3fb359ed
SSDEEP

3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3600	silently.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\choices\silently.exe	2024-01-10_a0646cbf8fcedfa47ccec7109fd4650c_icedid.exe
File opened for modification	C:\Program Files\choices\silently.exe	2024-01-10_a0646cbf8fcedfa47ccec7109fd4650c_icedid.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
372	3932	WerFault.exe	89
5104	3932	WerFault.exe	89

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3932	2024-01-10_a0646cbf8fcedfa47ccec7109fd4650c_icedid.exe
3932	2024-01-10_a0646cbf8fcedfa47ccec7109fd4650c_icedid.exe
3932	2024-01-10_a0646cbf8fcedfa47ccec7109fd4650c_icedid.exe
3932	2024-01-10_a0646cbf8fcedfa47ccec7109fd4650c_icedid.exe
3600	silently.exe
3600	silently.exe
3600	silently.exe
3600	silently.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 3600	3932	2024-01-10_a0646cbf8fcedfa47ccec7109fd4650c_icedid.exe	96
PID 3932 wrote to memory of 3600	3932	2024-01-10_a0646cbf8fcedfa47ccec7109fd4650c_icedid.exe	96
PID 3932 wrote to memory of 3600	3932	2024-01-10_a0646cbf8fcedfa47ccec7109fd4650c_icedid.exe	96

C:\Users\Admin\AppData\Local\Temp\2024-01-10_a0646cbf8fcedfa47ccec7109fd4650c_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-10_a0646cbf8fcedfa47ccec7109fd4650c_icedid.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Program Files\choices\silently.exe
  "C:\Program Files\choices\silently.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3600
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 1056
  2⤵
  - Program crash
  PID:372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 1008
  2⤵
  - Program crash
  PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3932 -ip 3932
1⤵
PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3932 -ip 3932
1⤵
PID:4612

C:\Program Files\choices\silently.exe

Filesize
266KB

MD5
864024f8371c6140e1f220d7e1186990

SHA1
ffd86121117cd66df8eb560557cad7ee0c529f72

SHA256
49df821c37efeef452f10fe99e52cde98c045bf20bac7fac6305652dc7b33edf

SHA512
8f1e6c193c972d9e6ad66cc5808784760f88e7b1a09fa3df52a84975741708112f5931d919e6937dfcbc2fd65da5dacd4e2b89ffbdccfd92176ac535f3d976f5

Download Submit