Analysis
-
max time kernel
94s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25-01-2024 15:37
General
-
Target
2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe
-
Size
380KB
-
MD5
760df6b23762ec89a0a36f2f2d528118
-
SHA1
60b94d2fcc1844b59829e24b1324d4acd9a561a1
-
SHA256
64cbf853beeb55de54576b752151b4808ddee4d83020671ca0529b5ca2394dde
-
SHA512
d731c8ef2432bfde6fb94ccf2d3eec32d924e3d578720494c5c8f256bb57b02c006801ce8ebb8a2d2aad08f873e862fb9d437ccead294b8057182df29cf37016
-
SSDEEP
6144:1plrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:1plrVbDdQaqdS/ofraFErH8uB2Wm0SXj
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Executes dropped EXE 1 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_760df6b23762ec89a0a36f2f2d528118_icedid.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\novice\errors.exe"C:\Program Files\novice\errors.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\novice\errors.exeFilesize
381KB
MD522eacb102ac617f45f1a201f372018a6
SHA11f15141810f9570fb8f7b8db37eae0c016831c13
SHA2562abef9dda0be117146e8d46fd1ce0117a00bb83bbf0b4bd3c3f212d1745b3c1d
SHA5120a5eba2ec59bfcc5d9830953404e205679a5732fc0c6687bd64a36443d20d2ce6fbdf930313767f2d25f24c1120ffbb4ee00426c37dcc9c21662b78d99ecc93f