Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09-03-2024 19:47
General
-
Target
2024-03-09_2078a12499d679aa038fd75643687eb6_icedid.exe
-
Size
267KB
-
MD5
2078a12499d679aa038fd75643687eb6
-
SHA1
7495d1b5edd3806d4a634a3aee638f924f99ad68
-
SHA256
3ebaf8c58b8218d00accab15b7a0d58166d0e4a78be9636dbdc34c6ec5cc8ab6
-
SHA512
d4192cc415e89d3879947a4cc8d37e4cab2a0af768c6a99da30a9d154e8104e4ffb08b8ab9bf46aeeadc9998457af19e7df92068530c2a78ab65048e48dc52da
-
SSDEEP
3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-09_2078a12499d679aa038fd75643687eb6_icedid.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-09_2078a12499d679aa038fd75643687eb6_icedid.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Naming\Reducing.exe"C:\Program Files\Naming\Reducing.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
268KB
MD5fea3cf057f8fefce82b904d7a4e1abdb
SHA109885ce34686f9055b2091f2812ef6aa2c7d401b
SHA256cbd86b12e7d1d1af6de2f08502471c5b59f472bdaf93b7f5a9844aeb0a4d91bd
SHA512797b3fa205611bd3103aca513878ec6065b5380d0dc6da2e15da54e99776203228f1d0c1a2115db210ff7e0ae66202669a5930522e248511c172b55d855698bb