Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/01/2024, 04:23

General

  • Target

    2024-01-24_0a410cddd96de0ec39a0f5c81f5b34dc_icedid.exe

  • Size

    311KB

  • MD5

    0a410cddd96de0ec39a0f5c81f5b34dc

  • SHA1

    612c77bc124db4d1abd58815f195eb204c156fe2

  • SHA256

    0a0593186e77199635b676f9f5f7cc26053bba75cf08684da3288bb1c24ee458

  • SHA512

    5cd70328331d765a5620ccaf659ce3423fed9bfcc8d1441ff0d74c309eddb49166c395c27ff7a3fe2becbd791417b6307e9c7401a5d83dedfb301de057781b22

  • SSDEEP

    3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-24_0a410cddd96de0ec39a0f5c81f5b34dc_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-24_0a410cddd96de0ec39a0f5c81f5b34dc_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2800
    • C:\Program Files\Redistributable\contained.exe
      "C:\Program Files\Redistributable\contained.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2320

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Program Files\Redistributable\contained.exe

          Filesize

          192KB

          MD5

          c23ca0d00658bd5c548661f2682084ab

          SHA1

          d25c18ca24fa7e31a5163a530f15ebc691afd4a7

          SHA256

          a7909ae1606f68d738f4c77295d0885f390f9da203049fb2a6d409b37aa1a507

          SHA512

          2637f745bc04715b6620d8e183f5035f5e9da55160205659c843daec2a0b845dbfaf9c265de970f1227f654005d3d59440c17ae9a0e4fce41cfd88124f199980

        • C:\Program Files\Redistributable\contained.exe

          Filesize

          128KB

          MD5

          4ba6b32579066ec712c096a958680b11

          SHA1

          58a0409eb4cbf9beafe02b11836308685a35dfec

          SHA256

          7a006c6f39222d2b70dab9fb8d296820643292317932b60c57d3edd2efb6420e

          SHA512

          3a1ba971e55c8c7ea390d4ac53e0c297172888bfd34639a20be1aac38b61d4e0d0bbe7dc77ed84b227c89233d1d98fb9ad96b268faa8cb2cf1b71d5860517f57

        • \Program Files\Redistributable\contained.exe

          Filesize

          270KB

          MD5

          54efc2112476fab6ffd6df4011b28b6f

          SHA1

          a1fc3bd889ec8d7dbd956d9043cbfc017122bb92

          SHA256

          08b92d0d98422448312955df13e4ba494e04db572d2876da66b6c709faf2bb05

          SHA512

          1952e149a3e0979f22bc6a4b848e5cb8e487a7d1212c967763f02aa14d34530a6f89c302931616b5b0a808f551787c5027b804fe154f4e43da5d3fd7aef4b619