Overview

overview

7

Static

static

3

2024-01-10...id.exe

windows7-x64

7

2024-01-10...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2024, 05:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-10_9aa548e66bf5c88e73f74e7e352b67a0_icedid.exe

  • Size

    306KB

  • MD5

    9aa548e66bf5c88e73f74e7e352b67a0

  • SHA1

    784847310809215d82214d911f219a5564d731ec

  • SHA256

    d777dfd99b96a9ab7c924dbb0d0aac29758e568214ce7859f567ce89535ef46c

  • SHA512

    30bcbbb5e7020051d5ca182b753ecc1265a2a6eb4029b6e5bd33b8a783d657fb676a7d88f18ca5df827c3180161342a2ae2b8d679034dbfd120942012687f5fe

  • SSDEEP

    3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-10_9aa548e66bf5c88e73f74e7e352b67a0_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-10_9aa548e66bf5c88e73f74e7e352b67a0_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Program Files\Sample\GetVersion.exe
      "C:\Program Files\Sample\GetVersion.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Sample\GetVersion.exe
    Filesize

    193KB

    MD5

    a54a87f3d4aa70fc9f6ef32e11ce57fd

    SHA1

    436aa43f479272f80c2fb6f160bd39055b878e76

    SHA256

    3c28bc1c0cebfb05b90902875856f5b34e654abdcb4b0be1cce5f0c6edf2ff72

    SHA512

    3b61a48792b8bab02d180f042a099138ce1110032dd1438b64fa49f59a3be23e56af37dc02de2259447c33a96588dc9ab7b7daadda01966e3cb9ecc681a41a45

    Download Submit

  • \Program Files\Sample\GetVersion.exe
    Filesize

    306KB

    MD5

    d78c9762701b4f72f4007c4fd7ed4e3f

    SHA1

    c92b7ab3bd806061625ac5e9e3e93a9ba63ed2ef

    SHA256

    a70b3132ad8bd31329fe9f9adb79c88dbed0c375ffeff5a1aa0bf177d1be4fd6

    SHA512

    4188475feac8934832a35631a2677e13797525f0b1f366aa8320c7df990be7bf45dd71de0ba42af756549a29c4160788b2913851eb745a59fd70cf0d03465203

    Download Submit

  • \Program Files\Sample\GetVersion.exe
    Filesize

    220KB

    MD5

    d7707a635dd868b530e5db926184139f

    SHA1

    7e8f38dc336fbc8976050624011987f67ca6612d

    SHA256

    719f7c20615dc291a7ee8b00205c2dcd584a2871a84bf375a7df71daefe11726

    SHA512

    368de773fc8f0a463c35657fae951d58ad615c6d7b9e27d7209a2305fddc4e96e20e3111449b51739af454a019bd1956f83e5f8930c59b229ef0e09ae7447f2c

    Download Submit