Overview

overview

7

Static

static

3

2024-01-19...id.exe

windows7-x64

7

2024-01-19...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/01/2024, 10:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-19_e4734d6671e85db84c5a6a38f2d47287_icedid.exe

  • Size

    312KB

  • MD5

    e4734d6671e85db84c5a6a38f2d47287

  • SHA1

    b297f955473a886b22e8ef43cce84c4ff0e6510c

  • SHA256

    7ea7ee132739f044291f892c0fcac4dff60671057d1c1bc5008301ed3044db2b

  • SHA512

    3f9f5c5a309b6858d943b1f16690cd611b9ae0423c6f234f89f638beade7835de47597fffe334f3aea7392665c81a0ec65807fbfe2c38b1ed99a9cbd5ad93ca8

  • SSDEEP

    3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-19_e4734d6671e85db84c5a6a38f2d47287_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-19_e4734d6671e85db84c5a6a38f2d47287_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3768
    • C:\Program Files\component\Graphics.exe
      "C:\Program Files\component\Graphics.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4984
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:3896
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2992

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files\component\Graphics.exe
            Filesize

            312KB

            MD5

            314d4ae014780abdaf0ace429750fe2c

            SHA1

            d94a9483bf614498b1650d4ae885349d08946f29

            SHA256

            2510fcc9217b64ed8ae96deb5ca0e7ebf675d5a30c900976ba3e8ff46d990514

            SHA512

            4af1d5b6df4910d63394d9d9834346426778ee942e169b8a083fa99362177e9c9df63dae50b7720f9894b494232e17991b0591ff23a38756d4a6e2b046056070

            Download Submit

          • memory/2992-21-0x000002212E140000-0x000002212E150000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2992-5-0x000002212E040000-0x000002212E050000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2992-37-0x00000221364B0000-0x00000221364B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2992-41-0x00000221365F0000-0x00000221365F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2992-40-0x00000221364E0000-0x00000221364E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2992-39-0x00000221364E0000-0x00000221364E1000-memory.dmp

            Filesize

            4KB

            Download