63140dbcde2ca2fde64c670b8c360a88fc0506adb310e205153e3755fd7f284b

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 05:23

Target

2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe
Size

309KB
MD5

180ef8d963e39b06a6956422eb99d17f
SHA1

28077a5ee0a6b28afb011192b9627bb3bd55dd61
SHA256

63140dbcde2ca2fde64c670b8c360a88fc0506adb310e205153e3755fd7f284b
SHA512

715dcf7b14d3374b1ee8d45cbaedf5fd73830cd94300d32c5a807bb4367cce33f88a7bedeca1da391f4191febefc4c6c78933920056e73c700551cc8ebc2863e
SSDEEP

3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4644	structures.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\several\structures.exe	2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe
File opened for modification	C:\Program Files\several\structures.exe	2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 4644	5052	2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe	87
PID 5052 wrote to memory of 4644	5052	2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe	87
PID 5052 wrote to memory of 4644	5052	2024-01-26_180ef8d963e39b06a6956422eb99d17f_icedid.exe	87

C:\Program Files\several\structures.exe

Filesize
309KB

MD5
9e7e233bf59eb2b6ac9e823d4a90b953

SHA1
2114e1e4b22d286143b4b720c15c70c4bfa7346d

SHA256
89a94b928123f352991bfbc5d05ad154fdfa6377e4796a5f3a68812406fdee9e

SHA512
c7045b3de5caf7c3485b71751c35d4c1db54aa70f65855e7bfd13404e8c9177a8d0e596c0a861445ee4cedc81785d979c0314c496c6bfed75c49adbf449276b7

Download Submit