a593d887f50e37630cfbe4451fa67ab57480f883038ddfed6f60af09abe859e4

Analysis

max time kernel
147s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 06:02

Target

2024-01-11_91a1f4dcb33e503f9dadcd012a16204b_icedid.exe
Size

268KB
MD5

91a1f4dcb33e503f9dadcd012a16204b
SHA1

b0b7d836ff005b901956eb6e5c83f818ad65bb60
SHA256

a593d887f50e37630cfbe4451fa67ab57480f883038ddfed6f60af09abe859e4
SHA512

490c6bb223759da23da748e448fb28cef0c53f398f5c26f59f4e5c710b9bb818217d5278c24d02cba28caed0adf0e13eac3f11752b47fd36bbcc806b62b8a679
SSDEEP

3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1516	.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\.exe	2024-01-11_91a1f4dcb33e503f9dadcd012a16204b_icedid.exe
File opened for modification	C:\Program Files\.exe	2024-01-11_91a1f4dcb33e503f9dadcd012a16204b_icedid.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4564	496	WerFault.exe	87
3080	496	WerFault.exe	87

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 496 wrote to memory of 1516	496	2024-01-11_91a1f4dcb33e503f9dadcd012a16204b_icedid.exe	94
PID 496 wrote to memory of 1516	496	2024-01-11_91a1f4dcb33e503f9dadcd012a16204b_icedid.exe	94
PID 496 wrote to memory of 1516	496	2024-01-11_91a1f4dcb33e503f9dadcd012a16204b_icedid.exe	94

C:\Users\Admin\AppData\Local\Temp\2024-01-11_91a1f4dcb33e503f9dadcd012a16204b_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-11_91a1f4dcb33e503f9dadcd012a16204b_icedid.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:496
- C:\Program Files\.exe
  "C:\Program Files\\.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1516
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 1040
  2⤵
  - Program crash
  PID:4564
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 1092
  2⤵
  - Program crash
  PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 496 -ip 496
1⤵
PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 496 -ip 496
1⤵
PID:3140

C:\Program Files\.exe

Filesize
268KB

MD5
bbcc5e39b1edb6f0184822b81a527c82

SHA1
54a5953d3178526fc4cd49ff09c5faea6f507711

SHA256
51a1befbe2559b2b912121245ccb0841b30620cd2d0316ad2ce79718acc95c23

SHA512
2cf2de209c732014601fd69270fe3bdcb597325dfeeb4a909c4c28b8cee6ce9f621003589cfa72876366f87246f4a136f59a5aac20037e3200c9cb59162b0d21

Download Submit