6ab20a92d95aaad533abb00d7e76feba4848d596b35e8e04cb900fe1ac5bcbdd

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
06-03-2024 03:48

Target

2024-03-06_9c8b90ad2854354b11f70550f6d7c63c_icedid.exe
Size

381KB
MD5

9c8b90ad2854354b11f70550f6d7c63c
SHA1

3adf8b02ae980af0a11167822b761decc070035f
SHA256

6ab20a92d95aaad533abb00d7e76feba4848d596b35e8e04cb900fe1ac5bcbdd
SHA512

4fff0ff176521fbb92adb2047ccf774de829ce2ba7474eee9f00fae6f681ebeeb4a26e0084aaa605d549eb7a7bb8ca94f32e7d751761917fc2fa64bc872e88ab
SSDEEP

6144:eplrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:eplrVbDdQaqdS/ofraFErH8uB2Wm0SXj

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2908	code.exe

Loads dropped DLL 2 IoCs

pid	Process
2132	2024-03-06_9c8b90ad2854354b11f70550f6d7c63c_icedid.exe
2132	2024-03-06_9c8b90ad2854354b11f70550f6d7c63c_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\managed\code.exe	2024-03-06_9c8b90ad2854354b11f70550f6d7c63c_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2908	2132	2024-03-06_9c8b90ad2854354b11f70550f6d7c63c_icedid.exe	28
PID 2132 wrote to memory of 2908	2132	2024-03-06_9c8b90ad2854354b11f70550f6d7c63c_icedid.exe	28
PID 2132 wrote to memory of 2908	2132	2024-03-06_9c8b90ad2854354b11f70550f6d7c63c_icedid.exe	28
PID 2132 wrote to memory of 2908	2132	2024-03-06_9c8b90ad2854354b11f70550f6d7c63c_icedid.exe	28

C:\Program Files\managed\code.exe

Filesize
381KB

MD5
033e3cdc98525d45b2d7ff00e09332b9

SHA1
c063be1d3fa89c993d697de6a804c6f38295ecd8

SHA256
2ca98968b98ccd61ea728164228f54d7bd4f3c5010be3f8d9a44e64b90ab221a

SHA512
9fec29af9a3350aa04e1e2c321c61e109269efd8d9e23d56cd62c43b606fd95962d0aebf4db80e40234e1637b784098b4ff05d5bffe78021def75a283ce8d5fe

Download Submit