Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/02/2024, 22:26
General
-
Target
2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe
-
Size
319KB
-
MD5
657a7ebcc6578f2b98c4b1c4ae0f3443
-
SHA1
fd2f6574e4610edeee38ee87acc63703de5a3c5c
-
SHA256
d083d057d58b411b15b076086d71ff3a772012d5e4f6f1d6229f420145db60c7
-
SHA512
d236482cf83baebfee9de639a215d4a762c40a2dd7a21a76d67057d42204b6bff2a78af3015c2f0b0aee02616c00660409029dcfde0f2567fc6b3dd1f44d599c
-
SSDEEP
3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Kaufmann\Publishers.exe"C:\Program Files\Kaufmann\Publishers.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
320KB
MD52e1c5ab1a398a91d08c9274a3ae54135
SHA18b86c6a7e5d639c0efd633bb2f1fe8361c4500c1
SHA2569557d56d625467d48a0064e2f9d825bf725b0e9416fbd7ee557b474393f7f18e
SHA5120f51158c69d4ee97b0c134a02f7ce2894fe0864bdd930e1cb3f5a083f7eb76d045252c0217ec385f33b3f8a06195658171a0a9734dd6aaa5c0a19615a0a04200