Analysis
max time kernel: 92s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 12-02-2024 17:48

Static task: static1

Behavioral task: behavioral1
  Sample: 2024-02-12_bf27a236c30b75ee5d7503ff74db11ff_icedid.exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: 2024-02-12_bf27a236c30b75ee5d7503ff74db11ff_icedid.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-02-12_bf27a236c30b75ee5d7503ff74db11ff_icedid.exe
Size: 389KB
MD5: bf27a236c30b75ee5d7503ff74db11ff
SHA1: 17f5aa22d8be3a620f66de106942b3bd42684479
SHA256: 7aa3bf913eb275ad49021e755b4c00bb8d0288fbf5c8dc9afdfb35524567129f
SHA512: e9f611009dbf2c0071addfcef9baf40902fee359ebce06fcf52ba18ce7aa1dead050e03a5410827ee151651bdfdf41bee4bbd1cf3eb9f3c66c8f9ab40f195e52
SSDEEP: 12288:uplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:axRQ+Fucuvm0as
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes:
    pid   process
    2924  reporting.exe
- Drops file in Program Files directory (1 IoC)
  Processes:
    description   ioc                                       process
    File created  C:\Program Files\progress\reporting.exe   2024-02-12_bf27a236c30b75ee5d7503ff74db11ff_icedid.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  Processes:
    pid   process
    4932  2024-02-12_bf27a236c30b75ee5d7503ff74db11ff_icedid.exe
    4932  2024-02-12_bf27a236c30b75ee5d7503ff74db11ff_icedid.exe
    4932  2024-02-12_bf27a236c30b75ee5d7503ff74db11ff_icedid.exe
    4932  2024-02-12_bf27a236c30b75ee5d7503ff74db11ff_icedid.exe
    2924  reporting.exe
    2924  reporting.exe
    2924  reporting.exe
    2924  reporting.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                        pid   process                                                  target process
    PID 4932 wrote to memory of 2924   4932  2024-02-12_bf27a236c30b75ee5d7503ff74db11ff_icedid.exe   reporting.exe
    PID 4932 wrote to memory of 2924   4932  2024-02-12_bf27a236c30b75ee5d7503ff74db11ff_icedid.exe   reporting.exe
    PID 4932 wrote to memory of 2924   4932  2024-02-12_bf27a236c30b75ee5d7503ff74db11ff_icedid.exe   reporting.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-02-12_bf27a236c30b75ee5d7503ff74db11ff_icedid.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-12_bf27a236c30b75ee5d7503ff74db11ff_icedid.exe"
   PID: 4932
   - Drops file in Program Files directory
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\progress\reporting.exe (child of process 1)
      Command line: "C:\Program Files\progress\reporting.exe" "33201"
      PID: 2924
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 389KB
MD5: d7e0761dbf04efa98a061fe080c6ea39
SHA1: f98d465731388c3297480f0cefe4a55aed5ab8fc
SHA256: dc0e3bd9e75fc80219caea825fddb597e06c486739e3e32fa3e899e13fb1edcb
SHA512: 5ff262c0a66e087524fbb7759ebf058ada4407de717e86ca9168fc86b53a8cd626ce64903cb99bf28f6bb1a248b9b57c01b049e9eba2a4da4f2811d76431fcb9