Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64 · arch:x86 · image:win7-20231215-en · locale:en-us · os:windows7-x64 · system
  • submitted
    24-01-2024 03:46

General

  • Target

    2024-01-24_8f5b1c7351f69ce1406084f8b9167852_icedid.exe

  • Size

    505KB

  • MD5

    8f5b1c7351f69ce1406084f8b9167852

  • SHA1

    6a984a4cfb4a60e5be72a80d27b832233079c538

  • SHA256

    3ee4be071279d1486ce80cef0cf77034a83df128c4d46ed93a1f531df3702b52

  • SHA512

    061f4c4ea130fee515c96ad393331c8d6b15cfef6d17eda962f7ac481d80a81b83bb0a9cc955d0c43a1aadee0a70bedd980d0b4ddde677e008a9fcca20b0b66d

  • SSDEEP

    12288:KbrxWzTh3VJU8rfS2yl4t+Q0XeijI3AHl/TKAScVZ:KbE3h3VJ7rfylu+feiEQHl7FScb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-24_8f5b1c7351f69ce1406084f8b9167852_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-24_8f5b1c7351f69ce1406084f8b9167852_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Users\Admin\AppData\Local\Temp\QH5060.ins\inst.exe
      C:\Users\Admin\AppData\Local\Temp\QH5060.ins\inst.exe C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE /STANDARD
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2200

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\QH5060.ins\qhdata.arj

    Filesize

    130KB

    MD5

    6e673556312d81dd27cb33d019386271

    SHA1

    f4f8514b762608882850ab75acc4ebfdb6670e4f

    SHA256

    9355c30cac08f44a1a5ea091da47865035b445c734465cd6b80bca242a4e2a4c

    SHA512

    ed5b6c760542c541179914dbf420b97f21ea1c8e8923aadb538a68118979be02711f520c36ff3f81321b1516aa731e5e7d668ffad5a6abae1995e8b67f309f50

  • C:\Users\Admin\AppData\Local\Temp\QH5060.ins\setpdn.dat

    Filesize

    7KB

    MD5

    3612be11e391440d0ce2ccb57d74cb0b

    SHA1

    1be817a460433d4c48458a839aa5c0fd9a007cca

    SHA256

    7233e1e9ac1b238f163bb1168e805c76cb918524789c3a2264c9d10d9132973a

    SHA512

    e09a274271c6c46589218ab73eeaeb8e981cdba1a36aa1903f4227e08a82ac6444aa37300f2d5b02bdb3fcc2776e0b9de60176c63d2e76154735331dbe80ae01

  • \Users\Admin\AppData\Local\Temp\QH5060.ins\INST.EXE

    Filesize

    369KB

    MD5

    be20e131260445cb99956b85c3a9dddd

    SHA1

    a7ec52d7fd174243e538ef3d20eb50c8c23dded3

    SHA256

    76a2fcd636094620c9c3478e06588b40441b3d7719907fa84d52c6cd37229e41

    SHA512

    0044e165511ef58b40d6b46d5a4cb2532df8d5d80c6152343026a20837f169968dff69168d99459b04da3c70e94225f73fd1e92f2a12341268fb1024ef4edea8
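
The process tree and the dropped-file hashes above can be turned into host-side detection logic. The following is an added example, not code from the sandbox or from the report: it replays constructed Sysmon-style events (EventID 11 FileCreate, EventID 1 ProcessCreate, field names following Sysmon's schema) modelled on the tree above, raises an alert when a process writes a PE to disk and that file is later executed (the sandbox's "Executes dropped EXE" signature), and checks each ProcessCreate hash against the SHA256 values the report lists. The events themselves, the explorer parent PID 1400 and the notepad hash are placeholders constructed for this example.

```python
"""Replay the 'Executes dropped EXE' signature and report-hash IoC matching
over constructed Sysmon-style events. Added example; event records are
constructed, hashes and paths are taken from the sandbox report above."""
from dataclasses import dataclass, field

# SHA256 values from the report's General and Downloads sections.
REPORT_SHA256 = {
    "3ee4be071279d1486ce80cef0cf77034a83df128c4d46ed93a1f531df3702b52": "submitted sample",
    "76a2fcd636094620c9c3478e06588b40441b3d7719907fa84d52c6cd37229e41": "QH5060.ins\\INST.EXE",
    "9355c30cac08f44a1a5ea091da47865035b445c734465cd6b80bca242a4e2a4c": "QH5060.ins\\qhdata.arj",
    "7233e1e9ac1b238f163bb1168e805c76cb918524789c3a2264c9d10d9132973a": "QH5060.ins\\setpdn.dat",
}
PE_SUFFIXES = (".exe", ".dll", ".scr", ".cpl")


@dataclass
class Alert:
    rule: str
    pid: int
    image: str
    detail: str


def parse_hashes(hashes: str) -> dict:
    """Parse Sysmon's 'MD5=...,SHA256=...' Hashes field into a dict."""
    out = {}
    for part in hashes.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


@dataclass
class DroppedExeDetector:
    dropped: dict = field(default_factory=dict)   # lower-cased path -> writer PID
    alerts: list = field(default_factory=list)

    def feed(self, ev: dict) -> None:
        if ev["EventID"] == 11:                   # FileCreate: remember who wrote which PE
            target = ev["TargetFilename"].lower()
            if target.endswith(PE_SUFFIXES):
                self.dropped[target] = ev["ProcessId"]
        elif ev["EventID"] == 1:                  # ProcessCreate
            image = ev["Image"].lower()
            writer = self.dropped.get(image)
            if writer is not None:
                relation = "its child" if writer == ev["ParentProcessId"] else "a different parent"
                self.alerts.append(Alert("executes_dropped_exe", ev["ProcessId"], ev["Image"],
                                         f"written by PID {writer}, executed as {relation}: {ev['CommandLine']}"))
            sha = parse_hashes(ev.get("Hashes", "")).get("SHA256")
            if sha in REPORT_SHA256:
                self.alerts.append(Alert("ioc_hash_match", ev["ProcessId"], ev["Image"],
                                         f"SHA256 matches report entry '{REPORT_SHA256[sha]}'"))


TEMP = "C:\\Users\\Admin\\AppData\\Local\\Temp"
SAMPLE = TEMP + "\\2024-01-24_8f5b1c7351f69ce1406084f8b9167852_icedid.exe"
INST = TEMP + "\\QH5060.ins\\inst.exe"

# Constructed events modelled on the report's process tree (parent PID 1400 is a placeholder).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 2980, "ParentProcessId": 1400, "Image": SAMPLE,
     "CommandLine": f'"{SAMPLE}"',
     "Hashes": "SHA256=3ee4be071279d1486ce80cef0cf77034a83df128c4d46ed93a1f531df3702b52"},
    {"EventID": 11, "ProcessId": 2980, "TargetFilename": TEMP + "\\QH5060.ins\\qhdata.arj"},
    {"EventID": 11, "ProcessId": 2980, "TargetFilename": TEMP + "\\QH5060.ins\\setpdn.dat"},
    {"EventID": 11, "ProcessId": 2980, "TargetFilename": TEMP + "\\QH5060.ins\\INST.EXE"},
    {"EventID": 1, "ProcessId": 2200, "ParentProcessId": 2980, "Image": INST,
     "CommandLine": f"{INST} {TEMP}\\2024-0~1.EXE /STANDARD",
     "Hashes": "MD5=be20e131260445cb99956b85c3a9dddd,"
               "SHA256=76a2fcd636094620c9c3478e06588b40441b3d7719907fa84d52c6cd37229e41"},
    # Benign control: a normal launch with a placeholder hash must not alert.
    {"EventID": 1, "ProcessId": 3100, "ParentProcessId": 1400,
     "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe",
     "Hashes": "SHA256=" + "0" * 64},
]


def run_detection(events=SAMPLE_EVENTS) -> list:
    det = DroppedExeDetector()
    for ev in events:
        det.feed(ev)
    return det.alerts


if __name__ == "__main__":
    for a in run_detection():
        print(f"[{a.rule}] pid={a.pid} {a.image}: {a.detail}")
```

Matching is case-insensitive on the path because the report itself records the dropped file as `INST.EXE` but the process as `inst.exe`; the hash check is independent of the drop-and-execute check, so a renamed copy of the dropped installer still trips the IoC rule, and an unknown dropper that follows the same write-then-execute pattern still trips the behavioural rule.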