Analysis

Max time kernel: 141s
Max time network: 149s
Platform: windows10-2004_x64
Resource: win10v2004-20231215-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 12-02-2024 20:22
Static task: static1

Behavioral task: behavioral1
  Sample: 2024-02-12_d29a20cbba23322c57d4b5dbaf72ce49_icedid.exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: 2024-02-12_d29a20cbba23322c57d4b5dbaf72ce49_icedid.exe
  Resource: win10v2004-20231215-en
General

Target: 2024-02-12_d29a20cbba23322c57d4b5dbaf72ce49_icedid.exe
Size: 426KB
MD5: d29a20cbba23322c57d4b5dbaf72ce49
SHA1: 5572fae284b6359c80df4ebf13820f4bb9cb1f54
SHA256: dea2a7dd2f48f3c6f49ac1200eb3e57208654dea4c1dc9e648f09488f0235cf8
SHA512: 8f7c39592dffdfa0b7bad525699afca9e8c6c9df6f5e40b473a932a0cae0773345350b575f175b954af8f505fdf3fa9ba84b521f15282c0b0d2ffc3288dbd40d
SSDEEP: 12288:ZplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:bxRQ+Fucuvm0as
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  PID 3696  Polish.exe

Drops file in Program Files directory (1 IoC)
  File created: C:\Program Files\Korean\Polish.exe  (by 2024-02-12_d29a20cbba23322c57d4b5dbaf72ce49_icedid.exe)

Suspicious use of SetWindowsHookEx (8 IoCs)
  PID 3940  2024-02-12_d29a20cbba23322c57d4b5dbaf72ce49_icedid.exe  (4 hits)
  PID 3696  Polish.exe  (4 hits)

Suspicious use of WriteProcessMemory (3 IoCs)
  PID 3940 (2024-02-12_d29a20cbba23322c57d4b5dbaf72ce49_icedid.exe) wrote to memory of PID 3696 (Polish.exe)  (3 hits)
Processes

1. C:\Users\Admin\AppData\Local\Temp\2024-02-12_d29a20cbba23322c57d4b5dbaf72ce49_icedid.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-12_d29a20cbba23322c57d4b5dbaf72ce49_icedid.exe"
   PID: 3940
   - Drops file in Program Files directory
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Program Files\Korean\Polish.exe  (child of PID 3940)
      Command line: "C:\Program Files\Korean\Polish.exe" "33201"
      PID: 3696
      - Executes dropped EXE
      - Suspicious use of SetWindowsHookEx
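The chain this report shows (an executable dropped under C:\Program Files, launched by the process that wrote it, then written to by that parent) is worth correlating on endpoints, not only in the sandbox. The Python below is an added example and is not part of this report or of any sandbox's own code. It runs a small correlation over constructed Sysmon-style events that mirror the process tree above: event IDs 1 (ProcessCreate), 11 (FileCreate) and 10 (ProcessAccess) and the field names are Sysmon's, and the PROCESS_VM_* access rights are the winnt.h values, but the event records, the detect function and the finding names are assumptions made for this example.

```python
"""Correlate Sysmon-style endpoint events into the chain this report shows:
an executable dropped under C:\\Program Files, launched by the dropper, and then
written to by that parent process.

Added example: the event records are constructed to mirror the report's process
tree; field names follow Sysmon (Image, TargetFilename, ParentProcessId,
GrantedAccess), but the records themselves and the detection logic are assumptions.
"""

# Known-bad digests taken from the report's sample hashes (MD5, SHA256).
KNOWN_HASHES = {
    "d29a20cbba23322c57d4b5dbaf72ce49",
    "dea2a7dd2f48f3c6f49ac1200eb3e57208654dea4c1dc9e648f09488f0235cf8",
}

# Access rights needed to write another process's memory (winnt.h values).
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020

DROPPER = r"C:\Users\Admin\AppData\Local\Temp\2024-02-12_d29a20cbba23322c57d4b5dbaf72ce49_icedid.exe"
DROPPED = r"C:\Program Files\Korean\Polish.exe"

# Constructed telemetry (not captured events), in the order the sandbox saw them.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 3940, "ParentProcessId": 4242, "Image": DROPPER,
     "CommandLine": f'"{DROPPER}"', "Hashes": "MD5=D29A20CBBA23322C57D4B5DBAF72CE49"},
    {"EventID": 11, "ProcessId": 3940, "Image": DROPPER, "TargetFilename": DROPPED},
    {"EventID": 1, "ProcessId": 3696, "ParentProcessId": 3940, "Image": DROPPED,
     "CommandLine": f'"{DROPPED}" "33201"', "Hashes": ""},
    {"EventID": 10, "SourceProcessId": 3940, "TargetProcessId": 3696,
     "SourceImage": DROPPER, "TargetImage": DROPPED, "GrantedAccess": "0x1FFFFF"},
]


def parse_hashes(field):
    """Sysmon's Hashes field looks like 'MD5=..,SHA256=..'; return {ALGO: lowercase digest}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def is_program_files_exe(path):
    """True for an .exe written anywhere below C:\\Program Files (case-insensitive)."""
    p = path.lower()
    return p.startswith(r"c:\program files") and p.endswith(".exe")


def detect(events):
    """Return a list of (finding, pid, detail) tuples for the chain described above."""
    findings = []
    procs = {}        # pid -> ProcessCreate record
    dropped_by = {}   # lower-cased dropped path -> pid of the process that created it

    for ev in events:
        eid = ev["EventID"]
        if eid == 1:  # ProcessCreate
            pid = ev["ProcessId"]
            procs[pid] = ev
            for algo, digest in parse_hashes(ev.get("Hashes", "")).items():
                if digest in KNOWN_HASHES:
                    findings.append(("known_bad_hash", pid, f"{algo}={digest}"))
            image = ev["Image"].lower()
            # The dropped file is executed by the very process that wrote it.
            if image in dropped_by and dropped_by[image] == ev["ParentProcessId"]:
                findings.append(("executes_dropped_exe", pid, ev["CommandLine"]))
        elif eid == 11:  # FileCreate
            target = ev["TargetFilename"]
            if is_program_files_exe(target):
                dropped_by[target.lower()] = ev["ProcessId"]
                findings.append(("drops_exe_in_program_files", ev["ProcessId"], target))
        elif eid == 10:  # ProcessAccess
            access = int(str(ev["GrantedAccess"]), 16)
            can_write = access & (PROCESS_VM_OPERATION | PROCESS_VM_WRITE)
            child = procs.get(ev["TargetProcessId"])
            # Only flag a parent opening its own dropped child with write rights;
            # read-only opens (e.g. 0x1000, QUERY_LIMITED_INFORMATION) are ignored.
            if (can_write and child is not None
                    and child["ParentProcessId"] == ev["SourceProcessId"]
                    and child["Image"].lower() in dropped_by):
                findings.append(("parent_writes_dropped_child",
                                 ev["SourceProcessId"], f"-> {ev['TargetProcessId']}"))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(*finding)
```

The hash match is the cheapest signal but also the first to stop working once the sample is repacked; the three behavioural findings do not depend on the file's hash, so they survive trivial variants. The access-mask check matters: many legitimate parents open their children with query rights, so alerting on any ProcessAccess from parent to child would be noisy.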
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 426KB
MD5: 8ba44730c17d4746bf081df0a7499e60
SHA1: f2dfc4f3f12e9b3884e701fd6454f8d5a5dceecd
SHA256: ed8cea52ffe65a2813e86232477950f03e69e26dfc10d31bdbd3b4564edd2db0
SHA512: b453c335be373ae885d750a28aa650a6cbfe763a9ad4bda5226e10011398de881c6623c121fba6aefb0696d84f533f2823cecf952642e6d02e25f9ca53c39103