Analysis
- max time kernel: 145s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-02-2024 19:24
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-02-12_78ff99dfa89a35fbbfe1508919c4a723_icedid.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 2024-02-12_78ff99dfa89a35fbbfe1508919c4a723_icedid.exe
- Resource: win10v2004-20231222-en
General
- Target: 2024-02-12_78ff99dfa89a35fbbfe1508919c4a723_icedid.exe
- Size: 383KB
- MD5: 78ff99dfa89a35fbbfe1508919c4a723
- SHA1: ade9ce9645c857cc4d18d74a36db6f872e77ebd8
- SHA256: 0be63a120bd6407cc77a46efc95b4e47c884650e8e645b27aaec59cfb6a1afb7
- SHA512: d4f838f0ebfca4e13c3f2fdef56294be508954bf6eafa783218258979dd813cce2a67293da08908dda17bca94dd796778d410d92f556fa3aee5d3c1775efd0ea
- SSDEEP: 6144:2plrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:2plrVbDdQaqdS/ofraFErH8uB2Wm0SXj
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes (pid, process):
  4532 approach.exe
- Drops file in Program Files directory (1 IoC)
  Processes (description, ioc, process):
  File created | C:\Program Files\silently\approach.exe | 2024-02-12_78ff99dfa89a35fbbfe1508919c4a723_icedid.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  Processes (pid, process):
  876 2024-02-12_78ff99dfa89a35fbbfe1508919c4a723_icedid.exe
  876 2024-02-12_78ff99dfa89a35fbbfe1508919c4a723_icedid.exe
  876 2024-02-12_78ff99dfa89a35fbbfe1508919c4a723_icedid.exe
  876 2024-02-12_78ff99dfa89a35fbbfe1508919c4a723_icedid.exe
  4532 approach.exe
  4532 approach.exe
  4532 approach.exe
  4532 approach.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description, pid, process, target process):
  PID 876 wrote to memory of 4532 | 876 | 2024-02-12_78ff99dfa89a35fbbfe1508919c4a723_icedid.exe | approach.exe
  PID 876 wrote to memory of 4532 | 876 | 2024-02-12_78ff99dfa89a35fbbfe1508919c4a723_icedid.exe | approach.exe
  PID 876 wrote to memory of 4532 | 876 | 2024-02-12_78ff99dfa89a35fbbfe1508919c4a723_icedid.exe | approach.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-02-12_78ff99dfa89a35fbbfe1508919c4a723_icedid.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-12_78ff99dfa89a35fbbfe1508919c4a723_icedid.exe"
  PID: 876
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\silently\approach.exe
    Command line: "C:\Program Files\silently\approach.exe" "33201"
    PID: 4532
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 383KB
  MD5: 34c3bc55a594c62c5248a47e0aed758c
  SHA1: 7ae10345298ce63971d65e944186acf0f4982a2a
  SHA256: c01f57bbaf8632aef9e43e9f5772ccadc94b7a122adfa50828ab4fb8b747783e
  SHA512: 1d0b2c4718175ac3312e0f16b71751ccee6e7de880108ab624a4ff8ca5e4343cbc713a35b294241fbcec5f16c2422069156bb3dfe9191df4d2c8fb87490af430