Overview

overview

7

Static

static

3

2024-01-23...id.exe

windows7-x64

7

2024-01-23...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    23/01/2024, 19:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-23_5022e82620669173cf7f4d0803ec9b46_icedid.exe

  • Size

    380KB

  • MD5

    5022e82620669173cf7f4d0803ec9b46

  • SHA1

    9ec28f5751f2ecc951b54905517fb3b69c5b6e4a

  • SHA256

    6bcc4a1da5d200d1c0d1209ee00d3b1721c40c680a2ce5fa6527272fee3cc893

  • SHA512

    865fa002c26bcfbd35a618d6ea2bf096fce2b37e8ef936b0a8dbf85d6996cc5b9e9a450056d0382a683f3edea29196e44bc2a1d1a054c716276dfc79f4a87b4a

  • SSDEEP

    6144:WplrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:WplrVbDdQaqdS/ofraFErH8uB2Wm0SXj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-23_5022e82620669173cf7f4d0803ec9b46_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-23_5022e82620669173cf7f4d0803ec9b46_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1840
    • C:\Program Files\Sample\GetVersion.exe
      "C:\Program Files\Sample\GetVersion.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Sample\GetVersion.exe
    Filesize

    296KB

    MD5

    50bd26b963990c7aa7ea1c8c011656c1

    SHA1

    29bc5fa0396c8d7508e3e6cce6399f7335050ff6

    SHA256

    6befbba4650bd7ee9f52a6ceb3135ba8203ae0faa37596ddaf0ee8ac3066341e

    SHA512

    4c822a1b1a833f8f7384981e53337ff2a5082aeeb5e772f56ef17684e6660883b9915b5f1e0726bc6daa6fbbb23169fd845de0bdd9ab9a680096aa1e91ada0d2

    Download Submit

  • C:\Program Files\Sample\GetVersion.exe
    Filesize

    183KB

    MD5

    497b4fc7bf1c8bf1c9c1e89f9a88ce81

    SHA1

    77b774553d15d8bdd13218e6a9ec4179209f34c4

    SHA256

    0e010225992df0f98dc9618efa9dd05d88bc7576a210c291fbff5a5bf9c47d25

    SHA512

    e0dda39ed84fedb879b6b7c2c19854411b267cb213923fd17898ce308fdcb47d6d0eb78cbc5094aefac0823bcbb2d3d81994e4ae4d2fa4f2ba6856866cb28f1c

    Download Submit

  • \Program Files\Sample\GetVersion.exe
    Filesize

    377KB

    MD5

    e98710b3c241099c073e18fdd0985ca2

    SHA1

    d21881fa87577f74edb6a37fdb7a130d7831034e

    SHA256

    c90fced3aa26254e821afe9d2ca5ef105aa06fb4cfdc177b5bb96abc807ad527

    SHA512

    58bc82887ceec83aa8210c655e87c873b31ec10543b327a9db718e00d19ca8d5316346d226fd9a174c3f5bf8c83ecee42129d908b37dc6db17daad10c8542af2

    Download Submit

  • \Program Files\Sample\GetVersion.exe
    Filesize

    268KB

    MD5

    ee84339c25303460f6b798385add669e

    SHA1

    1d04b3b0e5e7b137f5052aaf9a5e0af43ec18d17

    SHA256

    14995c42e87e1a58f28b55e3cadbb949d0abd9d011585a70c9b25b071018ca32

    SHA512

    151ec13f2aabcfa9721219a028e7578508613533061760473bde99d454152bf23dee494aa49eb1435ac645491e02d72147725d3cf2dee3dda6ecaeb3b600a06d

    Download Submit