Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 12-02-2024 17:54
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-12_e599ce3f5fbaa15d169665445fd1aec1_icedid.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-02-12_e599ce3f5fbaa15d169665445fd1aec1_icedid.exe
  Resource: win10v2004-20231215-en
General
- Target: 2024-02-12_e599ce3f5fbaa15d169665445fd1aec1_icedid.exe
- Size: 390KB
- MD5: e599ce3f5fbaa15d169665445fd1aec1
- SHA1: 814f665fedda6dc6d1b82260a5b121e553daca99
- SHA256: e3c04d21d51e8f9e3bc34cbd4aea38cb026d57a52cbced6b1248197fadd84144
- SHA512: 07e7235a267d77dcc2724b0cc256b707c0fd62fe69ed9da349b2e99c0a4c205ddbf0c8100c8ce14244cb12055926098e3f8a1c3d55ea8a61c2ba65601108a2bb
- SSDEEP: 12288:DplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:FxRQ+Fucuvm0as
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes: PID 804 GetDXVer.exe
- Loads dropped DLL (2 IoCs)
  Processes: PID 2264 2024-02-12_e599ce3f5fbaa15d169665445fd1aec1_icedid.exe (2 entries)
- Drops file in Program Files directory (1 IoC)
  File created: C:\Program Files\Tool\GetDXVer.exe by 2024-02-12_e599ce3f5fbaa15d169665445fd1aec1_icedid.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  Processes: PID 2264 2024-02-12_e599ce3f5fbaa15d169665445fd1aec1_icedid.exe (4 entries); PID 804 GetDXVer.exe (4 entries)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2264 2024-02-12_e599ce3f5fbaa15d169665445fd1aec1_icedid.exe wrote to memory of PID 804 GetDXVer.exe (4 entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-02-12_e599ce3f5fbaa15d169665445fd1aec1_icedid.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-12_e599ce3f5fbaa15d169665445fd1aec1_icedid.exe"
  PID: 2264
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Tool\GetDXVer.exe (depth 2, child of PID 2264)
    Command line: "C:\Program Files\Tool\GetDXVer.exe" "33201"
    PID: 804
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 390KB
  MD5: cef1a017c2ecf5be0a993dab18fa753d
  SHA1: dc934859b129ade6244aec12e2a10d26a06838f3
  SHA256: ea43563d359d499bad85fae808ea60f6a1c85cf367a3c95f16264b55406b6ac0
  SHA512: 846a136fc4bf4953e263fda1a3c5d16d32031e8b0b49f5e6ed7959d1e371b03892a975ad7d5a8c96ee70b92eb051609c99cd63f59c8494eddcca720a2fe3d8fa