f086b4a3973851cd569e1db672c63ebc28238c4a0eb26c007158db06705e717c

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 19:25

Target

2024-01-27_21969b16de0789c7ea4501ed15864941_icedid.exe
Size

423KB
MD5

21969b16de0789c7ea4501ed15864941
SHA1

f3a694434983cdd609d03b2444fb556a3bd8e3f5
SHA256

f086b4a3973851cd569e1db672c63ebc28238c4a0eb26c007158db06705e717c
SHA512

e12415f2b7b3a8ed2892978260ec0696695c83483932ffb8619bc7d3b4e2a3ea6d53b7e85750619925904ba3c4683f13ed4c87645e16c429b1af9be533a80afa
SSDEEP

12288:yplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:+xRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3116	compact.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Autorun\compact.exe	2024-01-27_21969b16de0789c7ea4501ed15864941_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 3116	4892	2024-01-27_21969b16de0789c7ea4501ed15864941_icedid.exe	62
PID 4892 wrote to memory of 3116	4892	2024-01-27_21969b16de0789c7ea4501ed15864941_icedid.exe	62
PID 4892 wrote to memory of 3116	4892	2024-01-27_21969b16de0789c7ea4501ed15864941_icedid.exe	62

C:\Program Files\Autorun\compact.exe

Filesize
424KB

MD5
3327d4755a2270d1b607349b86a0e1d2

SHA1
539f5d4163a3b316660a0ed260c3fe22cda8f182

SHA256
5f7691ece731ed615d80054134e553d2363e80ded7bd4fd9cb24ae13913dadd9

SHA512
1397b8c13c10207abb16ff7ab03897d450606f1c2d4bb57acf49d76f50dec626ce00e5bc881614becec45d7e9e195b25eff6ac9d4731ea0460b3fff16ab0fd60

Download Submit