Analysis
Max time kernel: 136s
Max time network: 149s
Platform: windows10-2004_x64
Resource: win10v2004-20231215-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 25-01-2024 15:47
Static task: static1
Behavioral task: behavioral1
Sample: 2024-01-25_b730f1b1a6318cdaa708dfd5a9f969c3_icedid.exe
Resource: win7-20231129-en
General
Target: 2024-01-25_b730f1b1a6318cdaa708dfd5a9f969c3_icedid.exe
Size: 309KB
MD5: b730f1b1a6318cdaa708dfd5a9f969c3
SHA1: 98f1bdcd6feedcf52f42192d3097c01b94a97d63
SHA256: 4ec91831fe3b1c7faf2413adced3b2b090ba0d7ef9dffdb677963fc926c9e513
SHA512: ea347cae73b0c44343a7f1786d7f84958b26e4adea2fb92e70549276b6a71dd986ca6cb86a5f15e07040da325aa7fef41825222c773a721648e337121254ed41
SSDEEP: 3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes:
    PID 1056 optional.exe
- Drops file in Program Files directory (2 IoCs)
  Processes:
    File created: C:\Program Files\released\optional.exe by 2024-01-25_b730f1b1a6318cdaa708dfd5a9f969c3_icedid.exe
    File opened for modification: C:\Program Files\released\optional.exe by 2024-01-25_b730f1b1a6318cdaa708dfd5a9f969c3_icedid.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  Processes:
    PID 892 2024-01-25_b730f1b1a6318cdaa708dfd5a9f969c3_icedid.exe (4 events)
    PID 1056 optional.exe (4 events)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    PID 892 2024-01-25_b730f1b1a6318cdaa708dfd5a9f969c3_icedid.exe wrote to memory of PID 1056 optional.exe (3 events)
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-01-25_b730f1b1a6318cdaa708dfd5a9f969c3_icedid.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-25_b730f1b1a6318cdaa708dfd5a9f969c3_icedid.exe"
   PID: 892
   - Drops file in Program Files directory
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\released\optional.exe (child of PID 892)
      Command line: "C:\Program Files\released\optional.exe" "33201"
      PID: 1056
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
C:\Program Files\released\optional.exe
Filesize: 309KB
MD5: 38a82481c55fa620357c079ecc0ef10b
SHA1: c31a038670abb4729c78807d0dd15d18c31fb963
SHA256: 0e2aeedcd5ca0bdca0c70107964d0c24d410b3456ba65f8b05c55bbc7c93db05
SHA512: 31efcd3aa70afc9b4bc0e663ae83200ff3a084a68e42575357db3edf7bbf001ec17b3bfcca6dbcc9b06cccdbd397af92f50a705737113317feebb6649ee8f728