Overview

overview

7

Static

static

3

2024-01-18...id.exe

windows7-x64

7

2024-01-18...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    18-01-2024 23:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-18_8f588dfda4863eaf380b11ab65863700_icedid.exe

  • Size

    311KB

  • MD5

    8f588dfda4863eaf380b11ab65863700

  • SHA1

    afad873981fd460064932898b52f876976e91fc8

  • SHA256

    13554d1f4d15b0260ca8981ed565dda6ad68feaf2a1e058af76c31130dfd3c67

  • SHA512

    f927f7c526a509b983e49c52a37ec1710f4a9881ba04943437c599675963d57f56c42a4e1220b933aaf1fd5e853ac44171c84bac909491224fa7203da57a7dc1

  • SSDEEP

    3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-18_8f588dfda4863eaf380b11ab65863700_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-18_8f588dfda4863eaf380b11ab65863700_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Program Files\depend\function.exe
      "C:\Program Files\depend\function.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\depend\function.exe
    Filesize

    18KB

    MD5

    72fe9b3250525580c4fbacc9c81c0d1f

    SHA1

    1372aa553d86f2448dfa1d61c6d64b63384ae5f3

    SHA256

    0ff1cac2d613545b62aa55b1f65ea08a6dcaaa2fbdade844f0f62b19eac00181

    SHA512

    584dbf8869d265f58dd5f824c1ead5e1278908ca8769d2785db81184fa8adaadea86323fedf896a260e4d10f044e788989d3d008e0d0f851acfbc8773882b1ca

    Download Submit

  • C:\Program Files\depend\function.exe
    Filesize

    84KB

    MD5

    e69fd65f8a0e1beda700144771366603

    SHA1

    fa49c2df69c46bf6a1bdb36401e5b4dfad9461e6

    SHA256

    a0e68d408f47058c03d025846933ef4fa63a1f4a9e79b8c1900f995fc93b9925

    SHA512

    eeb4111c54da989dbf65a52706ee84aee61f45c09ed7054f1ee07173a719dc607df64ab408535146d779272c254e4aa82c801621fa9494c8d67853136ce93e48

    Download Submit

  • \Program Files\depend\function.exe
    Filesize

    186KB

    MD5

    5e9591e7655b1ab82504550e7bd0c0f2

    SHA1

    b0af3a28b31734f430b1983e77da2666bc44eb65

    SHA256

    8d6740943bfc3c8f2ea8c1a4b06ce041fb74737af06f5b157e77699d520d66c9

    SHA512

    88c4619ebc4d385c4e3220a0411088e3f5ec2163c43fb6dbd5f4e5c5849c4097e0f280eb861391cc990cf8e715fb82fd04ffb435d2492dc5f38aaf0b3bf8af99

    Download Submit

  • \Program Files\depend\function.exe
    Filesize

    114KB

    MD5

    c8d91e4da1d2f06803403f6aacb18885

    SHA1

    32ec8407be581958f4acc6bea91a92c9f8466034

    SHA256

    1e4c802bc34702d59d3e90e4f6e0d23544e3f6701945e30f6b3fc0ed8fabd74c

    SHA512

    1b6f28b04c00e2e1e7cc81ce9b1285b3ba88309d69cb55ce16331944f828f343314367d10c10a3863156308817a3abfce32ff4a3c770c21292c249a0e4b96363

    Download Submit