Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/01/2024, 10:45

General

  • Target

    2024-01-27_eee8a4bf322aa487824dcca442d0c187_icedid.exe

  • Size

    385KB

  • MD5

    eee8a4bf322aa487824dcca442d0c187

  • SHA1

    2f812c128ef42445da51ed289ac990dda173e32e

  • SHA256

    f40c682735cb2c255608699d8e9bf8c842f00f5e26b08c8bd6c9729b921e4d28

  • SHA512

    f18f2eccc22f289d14288a424fc61a49cfede0ca0d904d79fce29519e43fd27a74be98587ba53ec1a87d5db079fb0d153b287f5ee630e5b74dbda724f134c53c

  • SSDEEP

    12288:QplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:sxRQ+Fucuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-27_eee8a4bf322aa487824dcca442d0c187_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-27_eee8a4bf322aa487824dcca442d0c187_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Program Files\Kaufmann\Publishers.exe
      "C:\Program Files\Kaufmann\Publishers.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2356
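
The process tree above (an executable run from the user's Temp directory writes Publishers.exe into Program Files and then launches it with a numeric argument) is a pattern worth catching on an endpoint, independent of this sample's hashes. What follows is an added example, not part of the sandbox output: Python detection logic run over constructed Sysmon-style events that mirror the report's PIDs, paths and command lines. The event field names (type, pid, image, target, parent_pid, command_line, sha256) are assumptions for the example; the SHA256 set is copied from the Downloads section below, and the hash check only reports whether a captured write matches one of the four variants recorded there, so a miss is not evidence of a clean file.

```python
"""Added example: correlate a dropper writing an EXE under Program Files with
the later execution of that file, using constructed Sysmon-style events that
mirror the process tree in the report. Not part of the sandbox output."""
import re

# SHA256 values of C:\Program Files\Kaufmann\Publishers.exe as listed in the
# report's Downloads section (four captures of the same path, different sizes).
REPORT_SHA256 = {
    "0320a0311aa68f729eb07b5a35cb3a1a231eb42779dabc98fab931e24b830069",
    "dd5be31c79f8062652f750a82973c96c7f1139894b5991c6608d2457fcdef3aa",
    "25b013b96e58333e8984d8b06f0dc4914376a2c7a74a6bbbecf27c8a9b6ecbb4",
    "6295344f9ccd44c75d26612a528f00a4e3a90a93992ae543166e77c300f7db37",
}

# User-writable staging location of the dropper and the directory it wrote to.
STAGING_DIR = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
PROGRAM_FILES = re.compile(r"^c:\\program files( \(x86\))?\\", re.I)


def detect(events):
    """Return alerts for (1) an EXE running from a Temp directory writing a
    .exe into Program Files and (2) that same writer later spawning the file
    it wrote. Events are dicts (field names are this example's assumption):
    FileCreate: type, pid, image, target, sha256
    ProcessCreate: type, pid, image, command_line, parent_pid, parent_image
    Events are assumed to arrive in chronological order."""
    dropped = {}  # (writer pid, lowercase target path) -> FileCreate event
    alerts = []
    for ev in events:
        if ev["type"] == "FileCreate":
            if (STAGING_DIR.search(ev["image"])
                    and PROGRAM_FILES.search(ev["target"])
                    and ev["target"].lower().endswith(".exe")):
                dropped[(ev["pid"], ev["target"].lower())] = ev
                alerts.append({
                    "rule": "drops_exe_in_program_files",
                    "pid": ev["pid"],
                    "path": ev["target"],
                    "known_hash": ev.get("sha256") in REPORT_SHA256,
                })
        elif ev["type"] == "ProcessCreate":
            # Parent must be the process that wrote this exact path.
            key = (ev["parent_pid"], ev["image"].lower())
            if key in dropped:
                alerts.append({
                    "rule": "executes_dropped_exe",
                    "pid": ev["pid"],
                    "path": ev["image"],
                    "command_line": ev["command_line"],
                    "known_hash": dropped[key].get("sha256") in REPORT_SHA256,
                })
    return alerts


# Constructed events modelled on the report's process tree (PID 2956 -> 2356).
DROPPER = (r"C:\Users\Admin\AppData\Local\Temp"
           r"\2024-01-27_eee8a4bf322aa487824dcca442d0c187_icedid.exe")
DROPPED = r"C:\Program Files\Kaufmann\Publishers.exe"
SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "pid": 2956, "image": DROPPER,
     "command_line": f'"{DROPPER}"', "parent_pid": 1234,
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "FileCreate", "pid": 2956, "image": DROPPER, "target": DROPPED,
     "sha256": "0320a0311aa68f729eb07b5a35cb3a1a231eb42779dabc98fab931e24b830069"},
    # Benign control: a Program Files binary launched by explorer, not by a
    # process that wrote it, so it must not alert.
    {"type": "ProcessCreate", "pid": 3001,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "command_line": r'"C:\Program Files\Internet Explorer\iexplore.exe"',
     "parent_pid": 1234, "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "ProcessCreate", "pid": 2356, "image": DROPPED,
     "command_line": f'"{DROPPED}" "33201"', "parent_pid": 2956,
     "parent_image": DROPPER},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The correlation key is (writer PID, written path), so a later Program Files binary started by an unrelated parent does not trip the second rule; on a live host the same logic applies to Sysmon Event ID 11 (FileCreate) and Event ID 1 (ProcessCreate) after mapping the field names.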

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Program Files\Kaufmann\Publishers.exe
    Filesize
    76KB
    MD5
    2688785777494529e4900bdd278253be
    SHA1
    360ab0710a04bdb4ae5db6a7176227a4a3d6df80
    SHA256
    0320a0311aa68f729eb07b5a35cb3a1a231eb42779dabc98fab931e24b830069
    SHA512
    bd470eda81deb4bf9564709690421e8caf5c52c354853160b92a75a2111b41f2fc4efcf2473938fc5321a77da5322055c6757581fa64d4a700908f22c186869e
  • C:\Program Files\Kaufmann\Publishers.exe
    Filesize
    102KB
    MD5
    ebd20608a409886de21e9920dc899ed4
    SHA1
    554f0c4801319b688d5d82437afaec2a0dd682c1
    SHA256
    dd5be31c79f8062652f750a82973c96c7f1139894b5991c6608d2457fcdef3aa
    SHA512
    944bcf941e59ed204d2c36a342cddd8e4cd148785ff0d29e29a103e4422858f1638751aab3c1136940a3e6dbdccf24c143de8fd411ec4447cd9d5a9810864954
  • \Program Files\Kaufmann\Publishers.exe
    Filesize
    68KB
    MD5
    4a35f752706858f89edd00c99c3fbf62
    SHA1
    f1476f793603288a32a985b1b3b6bd7fe2dcf6c2
    SHA256
    25b013b96e58333e8984d8b06f0dc4914376a2c7a74a6bbbecf27c8a9b6ecbb4
    SHA512
    7b3439ff11ad22160a951146ec5531fd6e4f6b45f0ce4f0e6f425d6cd2b4ef9b41e2e324c06007d865f038577ff0a913b008ce86516a834b9208ee94027a2bd2
  • \Program Files\Kaufmann\Publishers.exe
    Filesize
    56KB
    MD5
    62a3306ee709afd110bf2273a1b8badf
    SHA1
    154784bb8cc9465ef658367680e0a1c43bea8f78
    SHA256
    6295344f9ccd44c75d26612a528f00a4e3a90a93992ae543166e77c300f7db37
    SHA512
    8a8f80ac8280d9f0efd75410083aa5fdba5e19c73ea1b4553d7745388b1cc92eb3ebf67d424d3e79bc96f3389e55f43763d906871b55d14dde332519d3385854