838b90e5b66b475d07962e436fad3259fafb995929c46b6d7ac790e600751941

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 18:55

Target

2024-02-13_bb9c33a9782c9a3aa48ab501b25d404e_icedid.exe
Size

277KB
MD5

bb9c33a9782c9a3aa48ab501b25d404e
SHA1

cf9c947ddde20b5a85ee57dcebdedb8f476ca078
SHA256

838b90e5b66b475d07962e436fad3259fafb995929c46b6d7ac790e600751941
SHA512

ff931380baada21f2b5d24219ea7d880ff81581eb0c854bcadb7520e0aa37a294c5a341d0b1ebacff12639c0af56cf3a3f59bde45f94b4e3dadc2cbab36a23b7
SSDEEP

3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1048	.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\.exe	2024-02-13_bb9c33a9782c9a3aa48ab501b25d404e_icedid.exe
File opened for modification	C:\Program Files\.exe	2024-02-13_bb9c33a9782c9a3aa48ab501b25d404e_icedid.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1040	3216	WerFault.exe	83
1956	3216	WerFault.exe	83

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3216 wrote to memory of 1048	3216	2024-02-13_bb9c33a9782c9a3aa48ab501b25d404e_icedid.exe	84
PID 3216 wrote to memory of 1048	3216	2024-02-13_bb9c33a9782c9a3aa48ab501b25d404e_icedid.exe	84
PID 3216 wrote to memory of 1048	3216	2024-02-13_bb9c33a9782c9a3aa48ab501b25d404e_icedid.exe	84

C:\Users\Admin\AppData\Local\Temp\2024-02-13_bb9c33a9782c9a3aa48ab501b25d404e_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-13_bb9c33a9782c9a3aa48ab501b25d404e_icedid.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3216
- C:\Program Files\.exe
  "C:\Program Files\\.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1048
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 1016
  2⤵
  - Program crash
  PID:1040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 1036
  2⤵
  - Program crash
  PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3216 -ip 3216
1⤵
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3216 -ip 3216
1⤵
PID:2384

C:\Program Files\.exe

Filesize
277KB

MD5
8be8f02f532ef3d993baca679f7e2e3e

SHA1
c5842be437f7498c33ecf37cba99c12aaacbd031

SHA256
6fc193beda458d50645706216ddc449f08630b0b2cfb93051f10d78d41834d71

SHA512
2de8315eaf2fdde44e541e1c2f238f5af6cab8d2fe8f5a03386a32eb9dbbed07984b0b04fe8fde0ae6446e024f50bf4d7a6752fe72548c0b980ec63c407a7fbb

Download Submit