Analysis
max time kernel: 121s
max time network: 124s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 15:37
Static task: static1
Behavioral task: behavioral1
Sample: 2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe
Resource: win7-20231215-en
General
Target: 2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe
Size: 380KB
MD5: 760df6b23762ec89a0a36f2f2d528118
SHA1: 60b94d2fcc1844b59829e24b1324d4acd9a561a1
SHA256: 64cbf853beeb55de54576b752151b4808ddee4d83020671ca0529b5ca2394dde
SHA512: d731c8ef2432bfde6fb94ccf2d3eec32d924e3d578720494c5c8f256bb57b02c006801ce8ebb8a2d2aad08f873e862fb9d437ccead294b8057182df29cf37016
SSDEEP: 6144:1plrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:1plrVbDdQaqdS/ofraFErH8uB2Wm0SXj
Malware Config
Signatures

Executes dropped EXE (1 IoC)
Processes:
  pid   process
  2840  boxes.exe

Loads dropped DLL (2 IoCs)
Processes:
  pid   process
  2060  2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe
  2060  2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe

Drops file in Program Files directory (1 IoC)
Processes:
  description   ioc                                process
  File created  C:\Program Files\Employ\boxes.exe  2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe

Suspicious use of SetWindowsHookEx (8 IoCs)
Processes:
  pid   process
  2060  2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe
  2060  2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe
  2060  2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe
  2060  2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe
  2840  boxes.exe
  2840  boxes.exe
  2840  boxes.exe
  2840  boxes.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description                       pid   process                                                  target process
  PID 2060 wrote to memory of 2840  2060  2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe  boxes.exe
  PID 2060 wrote to memory of 2840  2060  2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe  boxes.exe
  PID 2060 wrote to memory of 2840  2060  2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe  boxes.exe
  PID 2060 wrote to memory of 2840  2060  2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe  boxes.exe
Processes

C:\Users\Admin\AppData\Local\Temp\2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe"
  PID: 2060
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Employ\boxes.exe
    Command line: "C:\Program Files\Employ\boxes.exe" "33201"
    PID: 2840
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads

C:\Program Files\Employ\boxes.exe
  Filesize: 381KB
  MD5: 5fdc13302b2ff0c186dc08d47d4b90cf
  SHA1: 8005c186c31dca8b3b1931e6a7226b6395c491b6
  SHA256: 8dbae458bbb076a0a2697f01a4391ca0d3e02b0fae12bdfc206b77a64d121099
  SHA512: d87a124f955f146b01b781c9edbca39eba2e54d0f95ef8837410739f106c23aabd5581f98930cb2230fbda72d87a998b714584d569f619487602a28484804a50