6b84ce0f3100443d093de8dbf1b842bea699b51c90dfd62b31d6d5647d01437e

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 22:24

Target

2024-02-12_27caf8dfbe554f5f11f2167df7be0545_icedid.exe
Size

311KB
MD5

27caf8dfbe554f5f11f2167df7be0545
SHA1

194fa0cf85fd3b6b6dc9e5e65911c2a44df383c1
SHA256

6b84ce0f3100443d093de8dbf1b842bea699b51c90dfd62b31d6d5647d01437e
SHA512

6b34a9b48ff16a4a240c8b33c854765c09692c69d248608bc3aaf0fcea900ea8d4b3febab8944600972299bdbf4923f26985ba4ac34837d611b032065fb50d47
SSDEEP

3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4124	Suppress.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\indicator\Suppress.exe	2024-02-12_27caf8dfbe554f5f11f2167df7be0545_icedid.exe
File opened for modification	C:\Program Files\indicator\Suppress.exe	2024-02-12_27caf8dfbe554f5f11f2167df7be0545_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 4124	1224	2024-02-12_27caf8dfbe554f5f11f2167df7be0545_icedid.exe	85
PID 1224 wrote to memory of 4124	1224	2024-02-12_27caf8dfbe554f5f11f2167df7be0545_icedid.exe	85
PID 1224 wrote to memory of 4124	1224	2024-02-12_27caf8dfbe554f5f11f2167df7be0545_icedid.exe	85

C:\Program Files\indicator\Suppress.exe

Filesize
311KB

MD5
fb62e30f37ab8c71704d61dfc15a7b04

SHA1
611164eb4cd67e8c15d6b23a49f2094011ea3480

SHA256
1dfb00dae328d127df33eef87725b6f45d9fdadb692002ea7973fb35431df939

SHA512
59fb38aca95bc06a3fbdb85fea5f6d013617259184b481b6df59fdbdac747b55539a0534487fda4ee827307d98e49df2486a52c5d5627fe087f7f14d0198da6c

Download Submit