Overview

overview

7

Static

static

3

2024-02-12...id.exe

windows7-x64

7

2024-02-12...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12-02-2024 20:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-12_d29a20cbba23322c57d4b5dbaf72ce49_icedid.exe

  • Size

    426KB

  • MD5

    d29a20cbba23322c57d4b5dbaf72ce49

  • SHA1

    5572fae284b6359c80df4ebf13820f4bb9cb1f54

  • SHA256

    dea2a7dd2f48f3c6f49ac1200eb3e57208654dea4c1dc9e648f09488f0235cf8

  • SHA512

    8f7c39592dffdfa0b7bad525699afca9e8c6c9df6f5e40b473a932a0cae0773345350b575f175b954af8f505fdf3fa9ba84b521f15282c0b0d2ffc3288dbd40d

  • SSDEEP

    12288:ZplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:bxRQ+Fucuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_d29a20cbba23322c57d4b5dbaf72ce49_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_d29a20cbba23322c57d4b5dbaf72ce49_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Program Files\Japanese\Korean.exe
      "C:\Program Files\Japanese\Korean.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Japanese\Korean.exe
    Filesize

    402KB

    MD5

    e98b7878bce8081821b00dd6d68c1364

    SHA1

    b80b34644fa9de55639fb238f0fa2dcad2ca06a1

    SHA256

    d64669f2f523ffa239bd4878e87259b8d373cfa62a10ede677219cea9dec9546

    SHA512

    af4fe50f4c0ea38deeef0ecc427f4af267cb8fa2dd7e8c5cf632cfe1aa8ef724f13d7d500ceebe0f6a705a6463b2ba4d5a69baf54647607cf614e0402f026821

    Download Submit

  • C:\Program Files\Japanese\Korean.exe
    Filesize

    125KB

    MD5

    68ae504e2af00e994f2953c917437f6d

    SHA1

    28144ececbbffc19258450db28170b808f50bd49

    SHA256

    e59e881cd8df6da239efeb45e72e7732d3bbf6cabbc46395cfd70e59112930c2

    SHA512

    c633bcd5fa9a221fa1ef273ff829b60a405c5ce00271e03a0d19bc1e468ffaa8409474a2b1e9a31c2fa136190652393ea9f35e138aa3fae8ac04613989e3434a

    Download Submit

  • \Program Files\Japanese\Korean.exe
    Filesize

    426KB

    MD5

    d4615a99aa3104f332cbf3e55d644cf1

    SHA1

    5c4e5ff04bd1ccbd69fd258027bd37681ce89400

    SHA256

    01d9bd175cd17f69c207fdf1ea48acc8778953f15bc3bfbc4aabbe4865ba29f9

    SHA512

    a4fc8a83ae399f13039cd2167970ed1fd50b2876589aecfd5aaac6296f957eec8ed32a335119909e7550faaeb0fadf00f9f9d22609ea21f81e6c278e3db5bea3

    Download Submit

  • \Program Files\Japanese\Korean.exe
    Filesize

    109KB

    MD5

    834ec28cbf8c56ef3127ebf0f12a1137

    SHA1

    c8f0f7eb3c484f1211f5c363202ac55a97058ef9

    SHA256

    630074f99927c40e8227bcc20ea25158ffe1971f26469c49fa2929b434b58c89

    SHA512

    eff428d1b175b3dc00044cfd6b9ca0dfaa84d270b189b0fd3728f42bb8470ed5cbf00e7290994b295fa8f6b911b19939c2ef9da606057ba7541a2a4f44ee3b34

    Download Submit