Analysis
Max time kernel: 146s
Max time network: 154s
Platform: windows10-2004_x64
Resource: win10v2004-20231215-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 25-01-2024 15:53
Static task: static1
Behavioral task: behavioral1
Sample: 2024-01-25_e489cd47cd247f176cf2d1e2b252f4c7_icedid.exe
Resource: win7-20231215-en
General
Target: 2024-01-25_e489cd47cd247f176cf2d1e2b252f4c7_icedid.exe
Size: 427KB
MD5: e489cd47cd247f176cf2d1e2b252f4c7
SHA1: deae441f03b470ddecab3055861421e8cd873b95
SHA256: d697cd0fefa11ff36271a32488c95046b5e3530fc891687e8664d2258c8c0cc4
SHA512: d08d36601cf247c95519c61e9d2da6d4748dc44e17f76ba8eb2cf1da1186b4386d9844ad512c2e8d50233a9b22c5ac4180a143048b8d2f3b84000bb4cc874f05
SSDEEP: 12288:yplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:+xRQ+Fucuvm0as
Malware Config
Signatures

Executes dropped EXE (1 IoC)
Processes:
  pid   process
  2408  Debugging.exe

Drops file in Program Files directory (1 IoC)
Processes:
  description   ioc                                        process
  File created  C:\Program Files\Education\Debugging.exe   2024-01-25_e489cd47cd247f176cf2d1e2b252f4c7_icedid.exe

Suspicious use of SetWindowsHookEx (8 IoCs)
Processes:
  pid   process
  636   2024-01-25_e489cd47cd247f176cf2d1e2b252f4c7_icedid.exe
  636   2024-01-25_e489cd47cd247f176cf2d1e2b252f4c7_icedid.exe
  636   2024-01-25_e489cd47cd247f176cf2d1e2b252f4c7_icedid.exe
  636   2024-01-25_e489cd47cd247f176cf2d1e2b252f4c7_icedid.exe
  2408  Debugging.exe
  2408  Debugging.exe
  2408  Debugging.exe
  2408  Debugging.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process                                                  target process
  PID 636 wrote to memory of 2408    636   2024-01-25_e489cd47cd247f176cf2d1e2b252f4c7_icedid.exe   Debugging.exe
  PID 636 wrote to memory of 2408    636   2024-01-25_e489cd47cd247f176cf2d1e2b252f4c7_icedid.exe   Debugging.exe
  PID 636 wrote to memory of 2408    636   2024-01-25_e489cd47cd247f176cf2d1e2b252f4c7_icedid.exe   Debugging.exe
Processes

C:\Users\Admin\AppData\Local\Temp\2024-01-25_e489cd47cd247f176cf2d1e2b252f4c7_icedid.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-25_e489cd47cd247f176cf2d1e2b252f4c7_icedid.exe"
  PID: 636
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Education\Debugging.exe (child of PID 636)
    Command line: "C:\Program Files\Education\Debugging.exe" "33201"
    PID: 2408
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads

C:\Program Files\Education\Debugging.exe
Filesize: 427KB
MD5: 10178ee8143dcad05ca6824b5e2d4f33
SHA1: 956a82b09b105045d177bdfcf01804243a8699ee
SHA256: 7d38b5e643138ec9d48c0cfc218add17eaf665b5a08768dd2f2a79cc46f11a03
SHA512: 391f30cacec8ff5eedf5b354f555e318c5767a50446b684dc4c1de2409800b44616ffe2260b75658e4983fec2a56d63fc4e1c55a2e99c1994559a6926ff6f6ae