Analysis
- max time kernel: 146s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/01/2024, 05:23
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe
- Resource: win10v2004-20231215-en
General
- Target: 2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe
- Size: 309KB
- MD5: 180ef8d963e39b06a6956422eb99d17f
- SHA1: 28077a5ee0a6b28afb011192b9627bb3bd55dd61
- SHA256: 63140dbcde2ca2fde64c670b8c360a88fc0506adb310e205153e3755fd7f284b
- SHA512: 715dcf7b14d3374b1ee8d45cbaedf5fd73830cd94300d32c5a807bb4367cce33f88a7bedeca1da391f4191febefc4c6c78933920056e73c700551cc8ebc2863e
- SSDEEP: 3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  - PID 4644: structures.exe
- Drops file in Program Files directory (2 IoCs)
  - File created: C:\Program Files\several\structures.exe (process: 2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe)
  - File opened for modification: C:\Program Files\several\structures.exe (process: 2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe)
- Suspicious use of SetWindowsHookEx (8 IoCs)
  - PID 5052: 2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe (4 occurrences)
  - PID 4644: structures.exe (4 occurrences)
- Suspicious use of WriteProcessMemory (3 IoCs)
  - PID 5052 (2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe) wrote to memory of PID 4644, procid_target 87 (3 occurrences)
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe (PID 5052)
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe"
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - Child: C:\Program Files\several\structures.exe (PID 4644)
    Command line: "C:\Program Files\several\structures.exe" "33201"
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 309KB
- MD5: 9e7e233bf59eb2b6ac9e823d4a90b953
- SHA1: 2114e1e4b22d286143b4b720c15c70c4bfa7346d
- SHA256: 89a94b928123f352991bfbc5d05ad154fdfa6377e4796a5f3a68812406fdee9e
- SHA512: c7045b3de5caf7c3485b71751c35d4c1db54aa70f65855e7bfd13404e8c9177a8d0e596c0a861445ee4cedc81785d979c0314c496c6bfed75c49adbf449276b7