ed5892e4f7454ff70e2ef8b8a142fe98e922b2e641cabe4e5a6e3d0936350581

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 08:25

Target

2024-01-25_324b727feee4a8d5d451dc9d2950ab8d_icedid.exe
Size

388KB
MD5

324b727feee4a8d5d451dc9d2950ab8d
SHA1

9cb68de5bcbc0da3b0a1f61f762cc0226596777d
SHA256

ed5892e4f7454ff70e2ef8b8a142fe98e922b2e641cabe4e5a6e3d0936350581
SHA512

bba0aa1ab9b1ae60f326eb90aefea7a56072f25d0d478f5d03383d8629a5544d423b4db68804fb1003d582ec1624914db58e4dc90f47d2e3dff9ce34bfb9bb1c
SSDEEP

12288:0plrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:wxRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2260	customer.exe

Loads dropped DLL 2 IoCs

pid	Process
1988	2024-01-25_324b727feee4a8d5d451dc9d2950ab8d_icedid.exe
1988	2024-01-25_324b727feee4a8d5d451dc9d2950ab8d_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\require\customer.exe	2024-01-25_324b727feee4a8d5d451dc9d2950ab8d_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 2260	1988	2024-01-25_324b727feee4a8d5d451dc9d2950ab8d_icedid.exe	28
PID 1988 wrote to memory of 2260	1988	2024-01-25_324b727feee4a8d5d451dc9d2950ab8d_icedid.exe	28
PID 1988 wrote to memory of 2260	1988	2024-01-25_324b727feee4a8d5d451dc9d2950ab8d_icedid.exe	28
PID 1988 wrote to memory of 2260	1988	2024-01-25_324b727feee4a8d5d451dc9d2950ab8d_icedid.exe	28

C:\Program Files\require\customer.exe

Filesize
388KB

MD5
af7e9ed065eefe8a0abbd51467e65703

SHA1
a5371a26964e3492ad179ad898e9c857eecf604c

SHA256
db35439b5337d153a8ae111de3d3ea01e13451448fed8a02380c208d389b5195

SHA512
d33560452e75d3dfefadfb0a2f49f8d1a615000e5b15e042ab6725b7d40847204f38e07152325e4bab7593c312d7049a1cb07af1b96a94324e1b1e94de3058d2

Download Submit