5b6a656af7227a67cb73e1cb9cd9bdf2081ef2c2cd7c1f98e7f83a08f2d18172

Analysis

max time kernel
91s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25-02-2024 10:34

Target

2024-02-25_c79e59a7de3e788c2de13fa9a77af891_icedid.exe
Size

429KB
MD5

c79e59a7de3e788c2de13fa9a77af891
SHA1

03968a6b9db26691b2d095f71d258e921e9f03e6
SHA256

5b6a656af7227a67cb73e1cb9cd9bdf2081ef2c2cd7c1f98e7f83a08f2d18172
SHA512

3c8f6e44fce5d9fe205126109f191b607b9eee05150e221b39b2af3192a0f9f0d2aa7a2a3313a1dbbccffb5ff5d3732b496465b92b10ce323e4c67a030f54585
SSDEEP

12288:RplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:jxRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1020	Tool.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Diagnostic\Tool.exe	2024-02-25_c79e59a7de3e788c2de13fa9a77af891_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5012 wrote to memory of 1020	5012	2024-02-25_c79e59a7de3e788c2de13fa9a77af891_icedid.exe	88
PID 5012 wrote to memory of 1020	5012	2024-02-25_c79e59a7de3e788c2de13fa9a77af891_icedid.exe	88
PID 5012 wrote to memory of 1020	5012	2024-02-25_c79e59a7de3e788c2de13fa9a77af891_icedid.exe	88

C:\Program Files\Diagnostic\Tool.exe

Filesize
429KB

MD5
71b814fecbfd03325cab119c6b0ebd17

SHA1
80f70cd233a90e9223b5dea7a996d7ec8ed2b3af

SHA256
c26271593cb476ae8d0c0fef8c8f32e46705e62f65ab43b254d66679fc5651f9

SHA512
44cf52747d543070d48c17e3503000b68584d2e38ee2e019fc01204002b80c42283498397564ad092673f1da4e8202289a9a366d03e8bc1c606292a740dd6de6

Download Submit