0fe06dac85d54606de51cddba86e92b8a925024d15802b2fa2adc0553507fec3

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 01:39

Target

2024-02-25_d7a707bb3559dc872ce1bb7b181c8a62_icedid.exe
Size

391KB
MD5

d7a707bb3559dc872ce1bb7b181c8a62
SHA1

b22f6153aa259d1957077473653d35ed726654c8
SHA256

0fe06dac85d54606de51cddba86e92b8a925024d15802b2fa2adc0553507fec3
SHA512

66ddd82a289abcb951f1ad200fca0e6bbbee9bd22842c2ad0c6122be009b36772224f69d7a55b05b6f931da36c335fd339df883354bd14ba7025ac48345ab706
SSDEEP

12288:/plrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:RxRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2368	Education.exe

Loads dropped DLL 2 IoCs

pid	Process
2864	2024-02-25_d7a707bb3559dc872ce1bb7b181c8a62_icedid.exe
2864	2024-02-25_d7a707bb3559dc872ce1bb7b181c8a62_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Inside\Education.exe	2024-02-25_d7a707bb3559dc872ce1bb7b181c8a62_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 2368	2864	2024-02-25_d7a707bb3559dc872ce1bb7b181c8a62_icedid.exe	28
PID 2864 wrote to memory of 2368	2864	2024-02-25_d7a707bb3559dc872ce1bb7b181c8a62_icedid.exe	28
PID 2864 wrote to memory of 2368	2864	2024-02-25_d7a707bb3559dc872ce1bb7b181c8a62_icedid.exe	28
PID 2864 wrote to memory of 2368	2864	2024-02-25_d7a707bb3559dc872ce1bb7b181c8a62_icedid.exe	28

C:\Program Files\Inside\Education.exe

Filesize
392KB

MD5
df3c1b1d68b5b631f70760a6803ce669

SHA1
dfec69e53743725731fae65e0284ce9ab0e327b4

SHA256
ebad5db7a6185b8262e07ab9625211280ee5853294e2446ad67f817af883cbba

SHA512
526266638a44d5783de47ccf2b919697287d79b0e367a5e8e9ee64cf6595d44b6ced1ba23db3623c0cb4ee684ac11ecd0129ceefb559378c6249bf75adceb78b

Download Submit