3087fe8d9471b5a525008509c8023ac99f5544bdf1014b1ebe886b2a8028291f

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/02/2024, 20:57

Target

2024-02-02_d18df05f411a69fc97083509feabe0ac_icedid.exe
Size

384KB
MD5

d18df05f411a69fc97083509feabe0ac
SHA1

0b7894eb166f3cd456209fc9623a09547cce366a
SHA256

3087fe8d9471b5a525008509c8023ac99f5544bdf1014b1ebe886b2a8028291f
SHA512

c3853437508d0e657664945db9d87294ccbdaa070c08e708bce3dc1b15881ae6c6b6f4891e10413f0ea7e439ce9098f14a47a21c672d1b6c7fe110b2e94293cf
SSDEEP

12288:QplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:sxRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1748	directory.exe

Loads dropped DLL 2 IoCs

pid	Process
1936	2024-02-02_d18df05f411a69fc97083509feabe0ac_icedid.exe
1936	2024-02-02_d18df05f411a69fc97083509feabe0ac_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\root\directory.exe	2024-02-02_d18df05f411a69fc97083509feabe0ac_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1748	1936	2024-02-02_d18df05f411a69fc97083509feabe0ac_icedid.exe	28
PID 1936 wrote to memory of 1748	1936	2024-02-02_d18df05f411a69fc97083509feabe0ac_icedid.exe	28
PID 1936 wrote to memory of 1748	1936	2024-02-02_d18df05f411a69fc97083509feabe0ac_icedid.exe	28
PID 1936 wrote to memory of 1748	1936	2024-02-02_d18df05f411a69fc97083509feabe0ac_icedid.exe	28

\Program Files\root\directory.exe

Filesize
385KB

MD5
84609347adb3a9718b94b56ebcef35a2

SHA1
05dc5012b1dfcc38489a559d86b0fafcb4f851f6

SHA256
e8c285887eb96dd11f406916179946ec09b9d78d3a3f1e8a9d2d4e6f9801d46e

SHA512
068ab209cb27046ccb01546d0e81cc53fd3494d44614bd297698a919c49623f3efcf099a587c8931b67e784b002c77e0a5f34a07990102ffb63062f18a789bf5

Download Submit