34bfa60e499f645fb2b2372927767d76e9f3ab95847ebf3b94cf488cce8d0dd4

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/02/2024, 15:34

Target

2024-02-22_54c300a3d2c46cb94c81af75209ca47d_icedid.exe
Size

381KB
MD5

54c300a3d2c46cb94c81af75209ca47d
SHA1

3895518815041beecb0272c60f5e9fff5c70fc87
SHA256

34bfa60e499f645fb2b2372927767d76e9f3ab95847ebf3b94cf488cce8d0dd4
SHA512

cafe65c6af607f5376d6d267997f028cd63445db31461a622da043f0d53fef04b5563eeeba5a316d6d6e1eb98e9b7e92807cce5e5657c13d7e838ed5714c57dc
SSDEEP

6144:pplrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:pplrVbDdQaqdS/ofraFErH8uB2Wm0SXj

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2936	library.exe

Loads dropped DLL 2 IoCs

pid	Process
2872	2024-02-22_54c300a3d2c46cb94c81af75209ca47d_icedid.exe
2872	2024-02-22_54c300a3d2c46cb94c81af75209ca47d_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\match\library.exe	2024-02-22_54c300a3d2c46cb94c81af75209ca47d_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2936	2872	2024-02-22_54c300a3d2c46cb94c81af75209ca47d_icedid.exe	28
PID 2872 wrote to memory of 2936	2872	2024-02-22_54c300a3d2c46cb94c81af75209ca47d_icedid.exe	28
PID 2872 wrote to memory of 2936	2872	2024-02-22_54c300a3d2c46cb94c81af75209ca47d_icedid.exe	28
PID 2872 wrote to memory of 2936	2872	2024-02-22_54c300a3d2c46cb94c81af75209ca47d_icedid.exe	28

\Program Files\match\library.exe

Filesize
381KB

MD5
671c0ad04f694a0e699e5c6ce7b8457a

SHA1
06e7f370e51c66261161207a35f42b4c7bff56d2

SHA256
d8350c089dcb7d4cb37f1087f3d8fef3b671f4f677de2d6ae8c36f6857d8a153

SHA512
a7d4e29690c7c6925fc6243e9e4a4b9d115f84cf8963905dc1723c295f2ca4cd9623a6379b0d01e8d7e67fa5384809f38adbc4ebce6c0245696683735eebfa5d

Download Submit