5723907b7b0e87116f9ec3d3cbceb32513a7c28f3077d90c21eb6e10998117bd

Analysis

max time kernel
146s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 05:59

Target

2024-01-11_5b80d07b95313bc886a2ffc66c0d1e32_icedid.exe
Size

268KB
MD5

5b80d07b95313bc886a2ffc66c0d1e32
SHA1

636e3ce4fa48ee307f98f4d277ae62572845c1fe
SHA256

5723907b7b0e87116f9ec3d3cbceb32513a7c28f3077d90c21eb6e10998117bd
SHA512

28a8a5bcb66967808acf8c903270a91787e9b8fa382b1bd8483e27ed38c0628692da3e1835c634f19babe122ca0da2bdab74048e1dd49cc54cdfa50f45e91810
SSDEEP

3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
216	.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\.exe	2024-01-11_5b80d07b95313bc886a2ffc66c0d1e32_icedid.exe
File opened for modification	C:\Program Files\.exe	2024-01-11_5b80d07b95313bc886a2ffc66c0d1e32_icedid.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4464	64	WerFault.exe	14
3556	64	WerFault.exe	14

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 64 wrote to memory of 216	64	2024-01-11_5b80d07b95313bc886a2ffc66c0d1e32_icedid.exe	24
PID 64 wrote to memory of 216	64	2024-01-11_5b80d07b95313bc886a2ffc66c0d1e32_icedid.exe	24
PID 64 wrote to memory of 216	64	2024-01-11_5b80d07b95313bc886a2ffc66c0d1e32_icedid.exe	24

C:\Users\Admin\AppData\Local\Temp\2024-01-11_5b80d07b95313bc886a2ffc66c0d1e32_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-11_5b80d07b95313bc886a2ffc66c0d1e32_icedid.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:64
- C:\Program Files\.exe
  "C:\Program Files\\.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:216
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 1020
  2⤵
  - Program crash
  PID:4464
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 1036
  2⤵
  - Program crash
  PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 64 -ip 64
1⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 64 -ip 64
1⤵
PID:5596

C:\Program Files\.exe

Filesize
268KB

MD5
40aea0f95da74c65f118f95f64ed0e68

SHA1
64c0c23b0e293c92ad3fc91cd1e5622497e73267

SHA256
1790170a079bc6a209b3d637b6fc6c950b4439c1ab684f5f82732a7e4ab097ad

SHA512
3c976c1322d76a068afc68038202e376e6c4a8e472ff216d257280e6ac38035b31251d50154451d4826abc1b1d44062c8374f7b5790f40127a9be8044c71a825

Download Submit