a71f1e987323b9cbbfba1e3e873be69b028ab5bf53ff9bce27b38579d8e55bc2

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-01-2024 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-24_347c3bec223aac2780871cf91d7378f7_cobalt-strike_icedid.exe
Size

669KB
MD5

347c3bec223aac2780871cf91d7378f7
SHA1

71c3b31df977a675fc2af8acbe793846b6a2b4c8
SHA256

a71f1e987323b9cbbfba1e3e873be69b028ab5bf53ff9bce27b38579d8e55bc2
SHA512

33503c62680f2dfbab75192bf02f855133b8f8936e16242ca72520fed4be23ee86b1b16be1227ef9ddad66aaea146e8edac832d7e30fd9e5b3490c64ead4d74b
SSDEEP

12288:92rmpX7iCfXYiEYfHT+77Opq/0H6qgNC74DT/0T9z6ev8z3JuJSj+aMQzVFHpbpn:9C0+yQAMvtaOCcS7K9dyPQXdAgzf7T

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\ddegw\wtest.txt	2024-01-24_347c3bec223aac2780871cf91d7378f7_cobalt-strike_icedid.exe
File opened for modification	C:\Program Files (x86)\ddegw\DDEGW.ini	2024-01-24_347c3bec223aac2780871cf91d7378f7_cobalt-strike_icedid.exe
File created	C:\Program Files (x86)\ddegw\ddegw_port.txt	2024-01-24_347c3bec223aac2780871cf91d7378f7_cobalt-strike_icedid.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2088	2024-01-24_347c3bec223aac2780871cf91d7378f7_cobalt-strike_icedid.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2088	2024-01-24_347c3bec223aac2780871cf91d7378f7_cobalt-strike_icedid.exe

C:\Users\Admin\AppData\Local\Temp\2024-01-24_347c3bec223aac2780871cf91d7378f7_cobalt-strike_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-24_347c3bec223aac2780871cf91d7378f7_cobalt-strike_icedid.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\ddegw\DDEGW.ini

Filesize
280B

MD5
791ac0ddc49867afc0fc2056eb22c084

SHA1
a1928a6d9766b61768c811c51da5575dc5a4fec3

SHA256
30a1ebb1019b621a13973db313f57b520739d458d2fee4537d44d4f8ec0954b1

SHA512
83534fce80ff148a54cc89f6057281c9a795cd279808906600f1266ad390c015505981a2a123be6e52e6f183c1018b0606c8d1d40260890cbc8829ede2757e56

Download Submit
C:\Program Files (x86)\ddegw\DDEGW.ini

Filesize
424B

MD5
d1ecd61a33c7a17eddf996ab65b85a06

SHA1
9456b5c1f5b407715f116e02ffbff3fa2284ed13

SHA256
5dff59397296ae82bbabda50e66c7d4a694e698f8279228f3784f66ce5044571

SHA512
de4fe5d4fa372ff91ea17db898c9a451c03de7457ca8b71ed71ef3839db6ea682d33c302ba3aad250556c52940cab9ddde4374fe652e25a6b6e554834bc4d2f0

Download Submit
C:\Program Files (x86)\ddegw\DDEGW.ini

Filesize
495B

MD5
dfdd605142d17e14fd309c48c7a5e1bd

SHA1
17a4553637413a112bdcb82e6d476dcce275ca78

SHA256
13db74891107a0b803a8d8cbdeb6700c83c39c856b1d4359575c26c33f2938d9

SHA512
aa6c174e1924ca3ec6b72c662280acf1ff3d2a709f5cc3b5efcfe866a387dfccde79870bf94406e41251ddb55f3e03be4a25c08f8f759064eff290d2a288e1f1

Download Submit
C:\Program Files (x86)\ddegw\DDEGW.ini

Filesize
139B

MD5
ecd289ec35e58f31af55e8443f7e7be3

SHA1
7e189c43719dbec22970eabdff90f5fc8f136d58

SHA256
08ee75744e592c16d7ce6dfff5de5eeb2b0ea1b848756b2cf133683249c336d1

SHA512
8a7c445ffa1b194cec9a5186a4e311b7ddbea51831896dd0ddb89cbcc94610d4940b5708e041e9a3ff91727288159c32c9f029388369f25568836405e63f400d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ddegw.log

Filesize
414B

MD5
2914a603a6833b58a14da5d843a104a3

SHA1
ff90d2aaccc25be7aa308db115ec98e800ea6bf4

SHA256
4f60483e79a278b559a8352c172548b256ebccacfe38f3186cfe203beb7af13d

SHA512
1d86afd22f21d570011b7e0c15b131575ed4564f532355579abf96339a8f2ee5d0d15d054b8ab4d0ec9b6e64e65a9bf5d91781b0c4d20903743b86ccd8d5f864

Download Submit
C:\Users\Admin\AppData\Local\ddegw\ddegw.log

Filesize
3KB

MD5
09d72407a8a21d81168f775d53df19a5

SHA1
dca390308b6618fd9da248dad29af13037080c94

SHA256
17583d6802c5d1e0a0ecf9224e5efba8da479e96e57677e5e2539f1affb19ee8

SHA512
2ffd4c4845ed9b17c4a01301420083dc4c442aeae4f0fa175b8d4edb69ae7c24b9c25dd049ad0ecd0c4b4129b3980d8e109dc9c455463684686025780a4ac999

Download Submit
C:\Users\Admin\AppData\Local\ddegw\ddegw.log

Filesize
4KB

MD5
9bcd77e25ad9dca06483fbd9188f8010

SHA1
19c4226ac4b88f519b31efb0b1e9befdac097ab7

SHA256
73b31295ed3646c9f9a8f13c910098422197ffa6af5c8fcf48205eeefeb4d55f

SHA512
92daf1b857d937df23430012a0be10c9c3b471edfc81c205cd3790819a614b2baf5652c67c799daf246b51de7189da72e64463adaf0a1d578b3163efe08eb132

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads