eca841bc6e4c1bc211789e08882db8768c07698094d4262bc51baebffa3b4c36

General

Target

2024-02-27_d6abc4caa424334dd360515863d15825_hacktools_icedid.exe
Size

2.9MB
MD5

d6abc4caa424334dd360515863d15825
SHA1

30e378cf8c01af57c0a449454a68ad958417ec4b
SHA256

eca841bc6e4c1bc211789e08882db8768c07698094d4262bc51baebffa3b4c36
SHA512

6e4ba048a394ec2969f52a45840bbeb4832cbccd8e45de45241c05fd06fbe2ac641335dcf9de0247ecdc00b79a7343830d7288b3eb9026eacee65d36bce8067e
SSDEEP

24576:/DQIyeMohekXKcMPorPkCMb/owzuqi1y1fxxWdEQQ7HbB0AWJvWmeP5rqnkwpiJn:/cInekog8CMLSqNlbiA8whv2nrx7q

Score

9^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 24 IoCs

resource	yara_rule
behavioral2/memory/3224-0-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-1-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-2-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-4-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-6-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-8-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-10-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-12-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-14-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-19-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-16-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-22-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-24-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-26-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-29-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-31-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-33-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-36-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-38-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-41-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-43-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-45-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-47-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX
behavioral2/memory/3224-48-0x0000000002F90000-0x0000000002FCE000-memory.dmp	UPX

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3224-0-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-1-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-2-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-4-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-6-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-8-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-10-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-12-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-14-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-19-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-16-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-22-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-24-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-26-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-29-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-31-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-33-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-36-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-38-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-41-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-43-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-45-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-47-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx
behavioral2/memory/3224-48-0x0000000002F90000-0x0000000002FCE000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3224	2024-02-27_d6abc4caa424334dd360515863d15825_hacktools_icedid.exe
3224	2024-02-27_d6abc4caa424334dd360515863d15825_hacktools_icedid.exe
3224	2024-02-27_d6abc4caa424334dd360515863d15825_hacktools_icedid.exe

C:\Users\Admin\AppData\Local\Temp\2024-02-27_d6abc4caa424334dd360515863d15825_hacktools_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-27_d6abc4caa424334dd360515863d15825_hacktools_icedid.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3224-0-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-1-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-2-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-4-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-6-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-8-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-10-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-12-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-14-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-19-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-16-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-22-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-24-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-26-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-29-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-31-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-33-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-36-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-38-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-41-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-43-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-45-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-47-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download
memory/3224-48-0x0000000002F90000-0x0000000002FCE000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing