28e0e2f5ce4fea48db08ff20626cf4a71e6aac84199518e66e20ce8b190ebc61

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 18:22

Target

2024-01-25_0d80cb7127b37d94693c787c24f90609_icedid.exe
Size

271KB
MD5

0d80cb7127b37d94693c787c24f90609
SHA1

95965dbfa7290854aa1d132c8e8acf91ebdffc22
SHA256

28e0e2f5ce4fea48db08ff20626cf4a71e6aac84199518e66e20ce8b190ebc61
SHA512

16db6806183b0a9001a86546fdaa5d1a6173e44a48f530f6553dd3a034522d90a3c06c42ebb32ee029576fd127c1ac02b5f7d27bb1ad209038b1b2999c567cbe
SSDEEP

3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1392	.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\.exe	2024-01-25_0d80cb7127b37d94693c787c24f90609_icedid.exe
File opened for modification	C:\Program Files\.exe	2024-01-25_0d80cb7127b37d94693c787c24f90609_icedid.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1208	2536	WerFault.exe	84
3452	2536	WerFault.exe	84

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 1392	2536	2024-01-25_0d80cb7127b37d94693c787c24f90609_icedid.exe	85
PID 2536 wrote to memory of 1392	2536	2024-01-25_0d80cb7127b37d94693c787c24f90609_icedid.exe	85
PID 2536 wrote to memory of 1392	2536	2024-01-25_0d80cb7127b37d94693c787c24f90609_icedid.exe	85

C:\Users\Admin\AppData\Local\Temp\2024-01-25_0d80cb7127b37d94693c787c24f90609_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_0d80cb7127b37d94693c787c24f90609_icedid.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Program Files\.exe
  "C:\Program Files\\.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1392
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 1056
  2⤵
  - Program crash
  PID:1208
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 1064
  2⤵
  - Program crash
  PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2536 -ip 2536
1⤵
PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2536 -ip 2536
1⤵
PID:2480

C:\Program Files\.exe

Filesize
271KB

MD5
8d25662b5339314fda189d031ea6bdc2

SHA1
24d8046188ba64e66d36b1a8d705ac86da7cc5b4

SHA256
e1f9417230b07287c2e5e010416ff7713e817c4b58575a6076a8aef249809450

SHA512
a83c0f9dfebd907659f5198679ed8b8c5cc7fba3e599c3c319e0ade1b2e817542da2b291644bb47a017fee3f0664600f9a9a8c7d562ac34756bc4df924a01f3c

Download Submit