80693cbd00dca48f9533d8c658e5bd437bd3fcb0783c437220ed00b51fc88d8b

Analysis

max time kernel
137s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 09:43 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-02_1ee9e368552e22799af93651794a2f10_icedid.exe
Size

2.8MB
MD5

1ee9e368552e22799af93651794a2f10
SHA1

0788dd962ab6689833b00570827b5f6d699ab1f4
SHA256

80693cbd00dca48f9533d8c658e5bd437bd3fcb0783c437220ed00b51fc88d8b
SHA512

3d093ce5995f71926d7f2695285da1ee87713a09e0d2bee20543cb6af07308e179e71759e2c5b3d4a0265306b5458d61c185b9ebcff8b5dbb3ebfa772fdc5668
SSDEEP

49152:MjZbeFjNfCZB7p25g4crYNm8owIhJjt6zwH4wBHwZbeRp:EZ8jYBE5csA8Y6zwH4wVwZyR

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
440	2024-02-02_1ee9e368552e22799af93651794a2f10_icedid.exe
440	2024-02-02_1ee9e368552e22799af93651794a2f10_icedid.exe

C:\Users\Admin\AppData\Local\Temp\2024-02-02_1ee9e368552e22799af93651794a2f10_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-02_1ee9e368552e22799af93651794a2f10_icedid.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:440

Network

DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

205.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.178.17.96.in-addr.arpa

IN PTR

Response

205.178.17.96.in-addr.arpa

IN PTR

a96-17-178-205deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

64.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.159.190.20.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

210.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.178.17.96.in-addr.arpa

IN PTR

Response

210.178.17.96.in-addr.arpa

IN PTR

a96-17-178-210deploystaticakamaitechnologiescom
DNS

66.112.168.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.112.168.52.in-addr.arpa

IN PTR

Response

138.91.171.81:80

104 B
2

8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

205.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

205.178.17.96.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

64.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

64.159.190.20.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

210.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

210.178.17.96.in-addr.arpa
8.8.8.8:53

66.112.168.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

66.112.168.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/440-0-0x0000000075460000-0x0000000075499000-memory.dmp

Filesize
228KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.