Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
17/02/2024, 21:58
General
-
Target
2024-02-17_ca1edd431b18d1474b2c3b9a105609f1_icedid.exe
-
Size
389KB
-
MD5
ca1edd431b18d1474b2c3b9a105609f1
-
SHA1
e3bd796a964b58d5d3e10a7d676c054e4cb81d65
-
SHA256
ce7d4dd9ac82bb9e4dae812b62f4c492abd6cd004bd1b5d4e78addb9ad2d42d5
-
SHA512
050f9e995a759a7c6a665350d99f08c823a96420a80c2d5a5dc93268fa01a624143e4fd317af105fd79da1f5c7b21529c389761030b83cfa25a2641ddfe30de1
-
SSDEEP
12288:cplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:oxRQ+Fucuvm0as
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-17_ca1edd431b18d1474b2c3b9a105609f1_icedid.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-17_ca1edd431b18d1474b2c3b9a105609f1_icedid.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\folder\convention.exe"C:\Program Files\folder\convention.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
390KB
MD50ac687975bfcb6188d0e13bbd7d36cad
SHA1f415b22d3860ad9ab80ee93124df1cce0c88fbaa
SHA2564d4b4d2bbe2fa38e4c9ff836a6dc2065cf97bd72b2c094b3d2469d6143363fbf
SHA51209c82dd1ed0c50a0fbc2ab405e3b9afda42be57775611b78722eeaa80fbed41c49e85f174d4d54cc9a485c8e78f52819d5076a8aab37da609ce4cf7955107ac5