a249d69385a676dddcc6878930e11ec4df280b3a6d58b9e9bba4489cc8a9d55f

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 13:02

Target

2024-02-25_fdef144681d1ef437e1ddcdb09f54cb7_icedid.exe
Size

278KB
MD5

fdef144681d1ef437e1ddcdb09f54cb7
SHA1

3b8dcfc6c7809abe50ca3f3ee2f604845464aadd
SHA256

a249d69385a676dddcc6878930e11ec4df280b3a6d58b9e9bba4489cc8a9d55f
SHA512

67d9ecd363461ec133d775af4d290490fb704695d1c06cb4d3394f7f484fd9afea77f883bedad35fbe676f9526f399f449a9a1b354486c94e8cfd27ee3ede5b5
SSDEEP

3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3620	.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\managed\.exe	2024-02-25_fdef144681d1ef437e1ddcdb09f54cb7_icedid.exe
File opened for modification	C:\Program Files\managed\.exe	2024-02-25_fdef144681d1ef437e1ddcdb09f54cb7_icedid.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3672	2484	WerFault.exe	84
4392	2484	WerFault.exe	84

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2484	2024-02-25_fdef144681d1ef437e1ddcdb09f54cb7_icedid.exe
2484	2024-02-25_fdef144681d1ef437e1ddcdb09f54cb7_icedid.exe
2484	2024-02-25_fdef144681d1ef437e1ddcdb09f54cb7_icedid.exe
2484	2024-02-25_fdef144681d1ef437e1ddcdb09f54cb7_icedid.exe
3620	.exe
3620	.exe
3620	.exe
3620	.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 3620	2484	2024-02-25_fdef144681d1ef437e1ddcdb09f54cb7_icedid.exe	88
PID 2484 wrote to memory of 3620	2484	2024-02-25_fdef144681d1ef437e1ddcdb09f54cb7_icedid.exe	88
PID 2484 wrote to memory of 3620	2484	2024-02-25_fdef144681d1ef437e1ddcdb09f54cb7_icedid.exe	88

C:\Users\Admin\AppData\Local\Temp\2024-02-25_fdef144681d1ef437e1ddcdb09f54cb7_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-25_fdef144681d1ef437e1ddcdb09f54cb7_icedid.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Program Files\managed\.exe
  "C:\Program Files\managed\.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3620
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 964
  2⤵
  - Program crash
  PID:3672
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 1020
  2⤵
  - Program crash
  PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2484 -ip 2484
1⤵
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2484 -ip 2484
1⤵
PID:4080

C:\Program Files\managed\.exe

Filesize
278KB

MD5
691c3f22766f4bbae20774a2b77f0f26

SHA1
f8fef3497fc2e7e402f4f931b7c60078057e6a2e

SHA256
da5733c6f30946a3cb87e96ee9c4cab13d51408ad084fe45f8fb2e7f81dc57df

SHA512
5529e32ee7dc1a5b19171c7fed1750e76bb63e084cf93f840904e8c277487d682a347875f33f9a69c464a2e2919f6e8dd03a45c303a36d2ab56088d939e599fc

Download Submit