6a4ce8ce52b6bbd8e688720f4c60ebc5c10f6d7defe1b70acda5ec1d7e0b5f00

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 00:32

Target

2024-02-13_730e47165589d4d9630f8eb41d1fd59a_icedid.exe
Size

426KB
MD5

730e47165589d4d9630f8eb41d1fd59a
SHA1

a02cdabdd55d6f3623fa4886d3db66747b133e92
SHA256

6a4ce8ce52b6bbd8e688720f4c60ebc5c10f6d7defe1b70acda5ec1d7e0b5f00
SHA512

02d0a35a62265761ec9bb9a3abfc2681351a6bf4d58ad43bee4fd6fc6641de96afe6974ee1d98490e0d1d10de8b07331e92693572b799f4c28c0b184a702ce86
SSDEEP

12288:splrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:4xRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2468	Brockschmidt.exe

Loads dropped DLL 2 IoCs

pid	Process
2508	2024-02-13_730e47165589d4d9630f8eb41d1fd59a_icedid.exe
2508	2024-02-13_730e47165589d4d9630f8eb41d1fd59a_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Wesley\Brockschmidt.exe	2024-02-13_730e47165589d4d9630f8eb41d1fd59a_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2468	2508	2024-02-13_730e47165589d4d9630f8eb41d1fd59a_icedid.exe	28
PID 2508 wrote to memory of 2468	2508	2024-02-13_730e47165589d4d9630f8eb41d1fd59a_icedid.exe	28
PID 2508 wrote to memory of 2468	2508	2024-02-13_730e47165589d4d9630f8eb41d1fd59a_icedid.exe	28
PID 2508 wrote to memory of 2468	2508	2024-02-13_730e47165589d4d9630f8eb41d1fd59a_icedid.exe	28

\Program Files\Wesley\Brockschmidt.exe

Filesize
427KB

MD5
b5adeb7e96eaa080f03909f3dd48cd93

SHA1
94fa4e5fae4c5d6784f404bd1d3860c19419fff1

SHA256
662076e7e237f287796f785d33c7acf21166e6c07976ff73e38e4a66f12bc3e1

SHA512
52cf90115bbb28c40d1468e4931694607ef0a648e2fb2a2d5a5aa9e15e86009123fad7055d1a525e5b9b7e5a0757e58da16c21713451895f4e7024260d972d1b

Download Submit