31751ff651688239a6e3fb9c763badb16ea3d1704027dc8db833f93fb9238838

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 00:26

Target

2024-02-03_5f33f458886531c4aa6b448b1a4cc0fb_icedid.exe
Size

427KB
MD5

5f33f458886531c4aa6b448b1a4cc0fb
SHA1

901db69092353bd8ae4708cf69525fa0839c7646
SHA256

31751ff651688239a6e3fb9c763badb16ea3d1704027dc8db833f93fb9238838
SHA512

1a1ed5f2e530e297c8d7ace128b89733bf87b41e1270ab8bde0b3e15c51c2cfe3b9a06e933ee4e6e156be881cbffd3491989aea930d239f0b37736bfb8a109e5
SSDEEP

12288:AplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:cxRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1048	with.exe

Loads dropped DLL 2 IoCs

pid	Process
2108	2024-02-03_5f33f458886531c4aa6b448b1a4cc0fb_icedid.exe
2108	2024-02-03_5f33f458886531c4aa6b448b1a4cc0fb_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\DirectX\with.exe	2024-02-03_5f33f458886531c4aa6b448b1a4cc0fb_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 1048	2108	2024-02-03_5f33f458886531c4aa6b448b1a4cc0fb_icedid.exe	28
PID 2108 wrote to memory of 1048	2108	2024-02-03_5f33f458886531c4aa6b448b1a4cc0fb_icedid.exe	28
PID 2108 wrote to memory of 1048	2108	2024-02-03_5f33f458886531c4aa6b448b1a4cc0fb_icedid.exe	28
PID 2108 wrote to memory of 1048	2108	2024-02-03_5f33f458886531c4aa6b448b1a4cc0fb_icedid.exe	28

\Program Files\DirectX\with.exe

Filesize
427KB

MD5
de67e9e94375aac07d11d3c53707e1d3

SHA1
b7f3ddfb77443dbd8e9e57f59f869de1a1cf18b8

SHA256
d8931637368c3745422882f94d3077b10808cdd7ec53e73b31d4d08d6f3cac33

SHA512
0163ab2e6d701f7e717a28a8cac5abd978ad2e3d5936f22cef7c362d812890793a5582907410613cdda0aa60c4ddcf4518229eb9efebbc2843f3145b84ecdbc7

Download Submit