2237a6d3304dee6fbd516418846460196a21d708f7f7bfe166d74b4dc7030642

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
22/01/2024, 20:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-01-22_92a65632cf08a8cc24ae2a61639731da_icedid.exe
Size

29.9MB
MD5

92a65632cf08a8cc24ae2a61639731da
SHA1

a3d4f4ace30adb36246cd688e89eda73618a9669
SHA256

2237a6d3304dee6fbd516418846460196a21d708f7f7bfe166d74b4dc7030642
SHA512

b27de894e457c14758319b72eaecf2321cb0c78eb805040c807a4c77ab08a6d9b785b5dd42100b7e4547a525d51172da7782fa6d2c4dacea04b1af5ca9e50120
SSDEEP

393216:CU/s1KFdu92n5o54Sm/YKBSYkT1fD9FpH27iD09uiQampG7iD09uiQamrnl7oNUP:3NSejkY0L9F5D0FQdVD0FQdrlUUP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1616	UpdateWizard.exe

Loads dropped DLL 4 IoCs

pid	Process
1616	UpdateWizard.exe
1616	UpdateWizard.exe
1616	UpdateWizard.exe
1616	UpdateWizard.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3444	2024-01-22_92a65632cf08a8cc24ae2a61639731da_icedid.exe
1616	UpdateWizard.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 1616	3444	2024-01-22_92a65632cf08a8cc24ae2a61639731da_icedid.exe	88
PID 3444 wrote to memory of 1616	3444	2024-01-22_92a65632cf08a8cc24ae2a61639731da_icedid.exe	88
PID 3444 wrote to memory of 1616	3444	2024-01-22_92a65632cf08a8cc24ae2a61639731da_icedid.exe	88

C:\Users\Admin\AppData\Local\Temp\2024-01-22_92a65632cf08a8cc24ae2a61639731da_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-22_92a65632cf08a8cc24ae2a61639731da_icedid.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Users\Admin\AppData\Local\Temp\56CB.tmp\UpdateWizard.exe
  "C:\Users\Admin\AppData\Local\Temp\2024-01-22_92a65632cf08a8cc24ae2a61639731da_icedid.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\56CB.tmp\QtCore4.dll

Filesize
2.3MB

MD5
86fe8fc2ff9172da91dbf00f97c7a0f9

SHA1
e94c0e73fb5a693f266d32a599d72e2e442a2c45

SHA256
7899b66c782a591997521dca0b89289a1309527f8dd49cbda10d1311b3bfb850

SHA512
b459213832e311ae559447de13b483ea9775a9812edac4f9c5989a2e346cf8db45779c5399d74001564d18b18552b6e0ec861632582f1fbe3d90bccc20b1ff35

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\QtCore4.dll

Filesize
1.9MB

MD5
25851e17fd5a697aa65554748b7935bf

SHA1
213f4d38b54924621695d3680fd7c0b208ff5408

SHA256
7cc44a455cb8c851bf56d01f3cfa6546001c705e84e4bd2a200a6a7cadec1873

SHA512
a285916c9d2314638136b5684dc6adceec4e75e960f7a136f6d0cd9995bc6b06c51e21ecadb3eba4400f313b76a52ba3ac28f0361f3f29de040932d995fedbb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\QtGui4.dll

Filesize
2.6MB

MD5
717bb9f08da563ae2d79a523b0ca6cda

SHA1
651fb93bd31ce2da407e9f45543fd8b66a062d9e

SHA256
5589954cf2127aaadd042afcd1cc3145be2d4dac5d44aa8d651ab5a467f8a4e4

SHA512
a25c1b181f8bea8e37f2a248f8951c825581d4c16ea41af6efae9ac61032c2584272fe71760c035a50cca6671c7777d1194cc21136591bd7d6e9f8f5156153d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\QtGui4.dll

Filesize
2.5MB

MD5
8b36493be9dc35a4fe7dfb82c383519b

SHA1
4041aa1ae937147c4348d4921852c44ef4c9d686

SHA256
85083ab2f22352a6d506a62da9561a48c81542c844027bac2f9ac7ddd378c225

SHA512
6e4f6eedabd015f08b938d905168b2a2c6f3fbed43425b6d54f580349bc61ae0132d0d709217dfb4ed718abb0fed7b13894a98cf2ba25bcb2b6fc2c573016dbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\TempFolder\5815.tmp

Filesize
2KB

MD5
068a0a0e1b6eb46c05ba70960b5729f9

SHA1
df06a330c6e128a2a11d28cbf8b38e41bcd29131

SHA256
a3e1c32de3cf9a92614fb32d44d16147c5b6fecf7abda1cb3cd47515ae27f3fb

SHA512
c409212f58e54d348d3efd21069761362a88bf2074cbdfcec7dd030356f648a6248c12f2101d83ff7b3397318cdd8208131b17cd254897faac1b987f71fc04c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\TempFolder\lang\Arabic.lang

Filesize
19KB

MD5
488473610692e46fe29a40505ab9fbfa

SHA1
4512fc24b6561c4fd5b1cf1a1b4e76f8b00cea40

SHA256
3c29ace3b149675ee1ce6027c8f299cbf703ba15a0a29ee048f528786a2908f5

SHA512
477b16c8302eb6d3da1d975bc682941556e9fbf36a79babacdc16d7dce645e3b1d271b64058539248b6e10e70623d99edb338c2dc1c75fc65981c215f278228d

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\TempFolder\lang\Bulgarian.lang

Filesize
22KB

MD5
e1e3bd273b53e9b7ba47ca1585652a37

SHA1
b63609a4d134e70de2ea15d942fae427f161325e

SHA256
9853059cf1880e9470116c0b4643f22439583b9612d2551690192cda9cad1934

SHA512
d84b31c10a0de8f66c059c0f712e3635576e1a9dc624cf9119a9f96bbb83dd087b87d3d522eca37b6cb88b0ac85ec3e9db2af04b2de16e094e394d437f46ffd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\TempFolder\lang\ChineseHK.lang

Filesize
12KB

MD5
c0b720b598982ec7e15231c3baf91d25

SHA1
6043a96451ffc401ce33453a55f6a2b0c75710a5

SHA256
0e63c8341d043e5018c3fd279db0ba069772d312e93f4187f6c1fdf10b186d0a

SHA512
bb8eb2d210978dcf6cd0f1751c46ed94dbb68a06a2ee01f549cae16e8adde3ba42abb4f648ff2f2a76eaebb0af8aef10eedfeb3c23552bd98dd846de941a7bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\TempFolder\lang\Croatian.lang

Filesize
14KB

MD5
c42af5e8b0bb385e5d41312701b0823d

SHA1
baf4c0275a1d72772a17d0d72871cd75e8c99137

SHA256
8644780bfe01a609836227c1703998f76d4f987733d093dc1edcc252c85671dd

SHA512
2c29073db991d54adfab320a4496ff6abfc3d2c78ea01c75f592ce54535a6b238fb4809b21311f4edbd37f98021bee660509efaae2645f07bcf2a1e1cac98655

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\TempFolder\lang\Czech.lang

Filesize
15KB

MD5
9a0cdcda768a45c545405259486e19d8

SHA1
f7ee44114ee8bc7af0893b58303a8e44d8e1ba61

SHA256
ccf7465c863724770a625737970a87de8100ec59f0e144933289d3daceff2b8d

SHA512
c6656eff0581401f7921038c16a9c91e560c9bd3db408e97749db8e38755821945d72f216212ae0bf2fddb9375d029583ec2737869d8d21f9be68fce2453687a

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\TempFolder\lang\Danish.lang

Filesize
15KB

MD5
fe55bf89805a0de83b5ce26dcc3d979d

SHA1
dc9de3a8ed73690244b1288751df10f40e6ea6b3

SHA256
56c43fbf4717d772b8898181850375c296034dc87df19451134bb3a9eca2d34c

SHA512
cef349fe7d2d2630c493c1689e85693199cb21a095e7cb43b43fa11a750a12e667f700a590c23b1c70da94536f82fb149408f450481f580f7bd7c580405a7bca

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\TempFolder\lang\Dutch.lang

Filesize
15KB

MD5
6fa3b8f95967508a1e90c13553294468

SHA1
0fce85faa65338cb011f38a925ae37566510acea

SHA256
d365e8a27b2bbb2c92bba38884bdfdd290d57b2fa31fab6f64e2830a313769b8

SHA512
6ef54973118da202d85eaba26b85c57f0f63cbdd52570aeab237cda6f080c1d7008796ad780879bc75483717b1ce39784007c57eb5cc3b5775a321a43524f9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\UpdateWizard.exe

Filesize
2.2MB

MD5
287adcd90dc463033f776782441ac45e

SHA1
31efcacba4d4bce74bfb326ae48604fd01f181a2

SHA256
e68b3fdc5ee268bd37102f657603e52497b6863abe010a45bf9ba145bd7609e3

SHA512
7f1383dd28f9a49563f130076fe7c30607c86052bea957a7a3ad4da12e244796e9891b922e5ecbd24b006719ec8cf6ed839f340d949f97c985a5065b3c238bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\UpdateWizard.exe

Filesize
2.1MB

MD5
adeae86ec5ad66ce54ddeef3c4881340

SHA1
240954ac5a5174e14e4975d407c16bf362be27b6

SHA256
377fbb7bc91db715ea7d52b3941b65bbc02344cc2ba1a1ccaf441d3f3ddc4132

SHA512
cb566155ef445a0e9c87388b5e18a5b03bcb959f1b243d6381568b30099496466405d86467bb568918facee7fa2f2c74b0f41b3bc8f6e11b60a68c63f63c894e

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\libgcc_s_dw2-1.dll

Filesize
42KB

MD5
c4b4409f186da70fcf2bcc60d5f05489

SHA1
056663c9fd2851cd64f39d882f6758e7a987bd42

SHA256
b35f2a8f4c8f1833f3cdec20739c58e295758ce22021d03d4335043148bd7610

SHA512
cdcb945a82a0304e4d7cfc9ae9d7e5a5e81d4e3025e982494c87c283f6fac542181e9e1e3028456b9b0b5b6279990cb3e1a50f9df0f6e707c70fa0e23c7a808c

Download Submit
C:\Users\Admin\AppData\Local\Temp\56CB.tmp\mingwm10.dll

Filesize
11KB

MD5
dbda60d92e774b4acb3b1cd71f909426

SHA1
66bfe06a16025f574323a0ce64dcc7c8216eb56c

SHA256
56a59dae638d9bb45ce729a5d6fdfb0ecbe88b37047e4d6d20dbdef1fc90bd72

SHA512
993a1f4af21cd5e13c3b8059cf483b10a58beb0d1777703ea07e9dcb5e7f681fa774e770abe9b6b4ca66b348997da0218d0ff67f18fcca1b3ca1ece2551d965a

Download Submit
memory/1616-146-0x0000000000400000-0x00000000014E1000-memory.dmp

Filesize
16.9MB

Download
memory/1616-147-0x000000006FBC0000-0x000000006FBC7000-memory.dmp

Filesize
28KB

Download
memory/1616-148-0x000000006E940000-0x000000006E950000-memory.dmp

Filesize
64KB

Download
memory/1616-149-0x000000006A1C0000-0x000000006A414000-memory.dmp

Filesize
2.3MB

Download
memory/1616-150-0x0000000065100000-0x0000000065A25000-memory.dmp

Filesize
9.1MB

Download
memory/1616-174-0x000000006A1C0000-0x000000006A414000-memory.dmp

Filesize
2.3MB

Download
memory/1616-179-0x000000006A1C0000-0x000000006A414000-memory.dmp

Filesize
2.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads