Analysis
- max time kernel: 148s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/02/2024, 22:26
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe
  - Resource: win7-20240221-en
Behavioral task
- behavioral2
  - Sample: 2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe
  - Resource: win10v2004-20240226-en
General
- Target: 2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe
- Size: 319KB
- MD5: 657a7ebcc6578f2b98c4b1c4ae0f3443
- SHA1: fd2f6574e4610edeee38ee87acc63703de5a3c5c
- SHA256: d083d057d58b411b15b076086d71ff3a772012d5e4f6f1d6229f420145db60c7
- SHA512: d236482cf83baebfee9de639a215d4a762c40a2dd7a21a76d67057d42204b6bff2a78af3015c2f0b0aee02616c00660409029dcfde0f2567fc6b3dd1f44d599c
- SSDEEP: 3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  - pid 2940: Multimedia.exe
- Drops file in Program Files directory (2 IoCs)
  - File created: C:\Program Files\Trip\Multimedia.exe, by 2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe
  - File opened for modification: C:\Program Files\Trip\Multimedia.exe, by 2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  - pid 5068 (2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe): 4 events
  - pid 2940 (Multimedia.exe): 4 events
- Suspicious use of WriteProcessMemory (3 IoCs)
  - PID 5068 (2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe) wrote to memory of PID 2940 (procid_target 89): 3 events
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe"
  PID: 5068
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Trip\Multimedia.exe (child of PID 5068)
    Command line: "C:\Program Files\Trip\Multimedia.exe" "33201"
    PID: 2940
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
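The signature tables and process tree above are what an analyst works from when deciding whether this run shows cross-process injection or only a dropper launching the payload it wrote to disk. The Python script below is an added example, not part of the sandbox report or of the sample's code: it parses the flattened signature text exactly as printed in the report, rebuilds the parent/child tree, and separates WriteProcessMemory events whose target is a child the writer itself just created (expected during process start-up, since CreateProcess writes the new process's start-up parameters into it, so this alone is weak evidence) from writes into an unrelated process, which are the actual injection signal. The function names, the tuple layout of the process list and the finding strings are the example's own.

```python
"""Triage helper for the sandbox signatures above (added example, not part
of the report). Parses the flattened signature tables, rebuilds the process
tree and flags dropped-payload execution and cross-process memory writes."""
import re
from collections import defaultdict

# Signature text copied from the report's WriteProcessMemory and
# "Drops file in Program Files directory" tables.
WPM_SIG = (
    "PID 5068 wrote to memory of 2940 5068 2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe 89 "
    "PID 5068 wrote to memory of 2940 5068 2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe 89 "
    "PID 5068 wrote to memory of 2940 5068 2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe 89"
)
DROP_SIG = (
    "File created C:\\Program Files\\Trip\\Multimedia.exe 2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe "
    "File opened for modification C:\\Program Files\\Trip\\Multimedia.exe 2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe"
)

# Process tree from the report: (pid, parent pid or None, image path, extra arguments).
# The tuple layout is this example's own choice, not a report format.
PROCESSES = [
    (5068, None, r"C:\Users\Admin\AppData\Local\Temp\2024-02-28_657a7ebcc6578f2b98c4b1c4ae0f3443_icedid.exe", ""),
    (2940, 5068, r"C:\Program Files\Trip\Multimedia.exe", '"33201"'),
]


def parse_memory_writes(sig):
    """Return (source pid, target pid, source image) for every
    'PID X wrote to memory of Y X <image> <procid_target>' record."""
    pat = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")
    return [(int(src), int(dst), name) for src, dst, name in pat.findall(sig)]


def parse_file_drops(sig):
    """Return (action, path, writing process) for every file record.
    The path may contain spaces, so it is matched up to its .exe suffix."""
    pat = re.compile(r"File (created|opened for modification) (.+?\.exe) (\S+)")
    return [(action, path, proc) for action, path, proc in pat.findall(sig)]


def build_tree(processes):
    """Map each parent pid to the list of pids it spawned."""
    children = defaultdict(list)
    for pid, ppid, _, _ in processes:
        if ppid is not None:
            children[ppid].append(pid)
    return dict(children)


def triage(processes, write_sig, drop_sig):
    """Combine the tree with both signature tables into analyst findings."""
    by_pid = {pid: (ppid, image, args) for pid, ppid, image, args in processes}
    tree = build_tree(processes)
    dropped = {path.lower() for _, path, _ in parse_file_drops(drop_sig)}
    findings = []

    # 1. A running process whose image is a file written during the run:
    #    the sample is executing its own dropped payload.
    for pid, (ppid, image, args) in by_pid.items():
        if image.lower() in dropped:
            findings.append(
                f"pid {pid} executes dropped file {image} "
                f"(args {args or 'none'}), spawned by pid {ppid}"
            )

    # 2. Cross-process writes. A write into a child the writer created is
    #    expected at process start-up; a write into any other process is
    #    the stronger injection indicator and deserves a closer look.
    writes = defaultdict(int)
    for src, dst, _ in parse_memory_writes(write_sig):
        writes[(src, dst)] += 1
    for (src, dst), n in writes.items():
        if dst in tree.get(src, []):
            findings.append(
                f"pid {src} wrote {n}x into its own child {dst}: "
                "consistent with process creation, low signal on its own"
            )
        else:
            findings.append(
                f"pid {src} wrote {n}x into unrelated pid {dst}: possible injection, inspect"
            )
    return findings


if __name__ == "__main__":
    for line in triage(PROCESSES, WPM_SIG, DROP_SIG):
        print(line)
```

For this report the script reports the dropped-payload execution of Multimedia.exe and classifies the three writes from 5068 into 2940 as writes into a freshly spawned child. The child's "33201" argument is worth keeping in any hunt query built from this run, since a launcher passing a numeric token to its payload is a cheap thing to pivot on across other detonations.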
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 320KB
  - MD5: b6a19d594d36f261c73d90c20486590e
  - SHA1: cbddc2e6985edbc85a4c3e09ab4968513fe27619
  - SHA256: 6e4d783bd92f0384e8376185d211fab39dfe5373c8dbc84b144e5b93abf2cc3a
  - SHA512: 309ca313f0a952d25c32b0c455848ce7fd18ac09bcce4ccaf6444d6e0c6041042745060dbe68c386c9f2efc1b03ba7b51d9f115728ba13f4622d10210866bcc2