Overview

overview

7

Static

static

3

2024-02-19...id.exe

windows7-x64

7

2024-02-19...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/02/2024, 16:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-19_3e6188936d14d773754c7da6d498cc9e_icedid.exe

  • Size

    278KB

  • MD5

    3e6188936d14d773754c7da6d498cc9e

  • SHA1

    208ca3e1863e344d198f143ce58baf7ee476ed1e

  • SHA256

    f3254f11efaf0b86ce7ded0a84e6dd589609f55e304cfdb98361face98e2c69d

  • SHA512

    af71f2644a35f154ed2d8fddee8b907ac1265d9b9375d89c1ca7e699f204615601955930228699cb5a3d083c84e03d48b546ab0fe2d1281aedd76e94f2c6feea

  • SSDEEP

    3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-19_3e6188936d14d773754c7da6d498cc9e_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-19_3e6188936d14d773754c7da6d498cc9e_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 1016
      2⤵
      • Program crash
      PID:1664
    • C:\Program Files\.exe
      "C:\Program Files\\.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1160
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 1096
      2⤵
      • Program crash
      PID:2516
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1612 -ip 1612
    1⤵
      PID:2168
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1612 -ip 1612
      1⤵
        PID:1096

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files\.exe
        Filesize

        89KB

        MD5

        6eae41e6dd231dc92a2e3b3867d29bec

        SHA1

        40650b03943ac77ba57bda93c0ea25e5166d108c

        SHA256

        b72b31ee05f208bda8a9c80564f896da0b9ffeb535f052441e1cbae6336aa958

        SHA512

        fb507f8f52603c9f0a220c093bd2d2f199145954aed84885e0dbc252903bc0879c928ee6a063028b8fa4aef6769fd4c7cde10c0db0981b4a33ab816f0fee84c3

        Download Submit

      • C:\Program Files\.exe
        Filesize

        1KB

        MD5

        f8077a9002ba637816f6bc472ff1170a

        SHA1

        bc87566f4f28cb865c01d5e216c6abf5a247ba9a

        SHA256

        0fe45013a4b65e72790f7e531d58764d573b84777fc5ee62f904ff6390b8e13a

        SHA512

        394d7aaec96277052c48df7d3ab5aebf0ce2b949e429196f876dce063facaa6dbd0637b4f8db9f9d6d032c4d41cc28fca9dbae40b23366fa5be2a0d2dcdeb50d

        Download Submit