53ec4938dec755833a567b685cade312884dae0c90b64f623a7dabef8aea34d0

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 14:23

Target

2024-03-11_03604f02f793cb121eb3713bd202ab30_icedid.exe
Size

314KB
MD5

03604f02f793cb121eb3713bd202ab30
SHA1

288e5dc6a61b602fb5001c1aa6c475ca811ec7aa
SHA256

53ec4938dec755833a567b685cade312884dae0c90b64f623a7dabef8aea34d0
SHA512

0859043f772c162a810b8611ef18ee996cf96225a4f30cbd9181dbfd34e52a35c967867dde69b7b66f492e2cd0ee391c4dd61787b60759e7f4a87211f9d5f17e
SSDEEP

3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1020	demonstrates.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\customizing\demonstrates.exe	2024-03-11_03604f02f793cb121eb3713bd202ab30_icedid.exe
File opened for modification	C:\Program Files\customizing\demonstrates.exe	2024-03-11_03604f02f793cb121eb3713bd202ab30_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 1020	3096	2024-03-11_03604f02f793cb121eb3713bd202ab30_icedid.exe	90
PID 3096 wrote to memory of 1020	3096	2024-03-11_03604f02f793cb121eb3713bd202ab30_icedid.exe	90
PID 3096 wrote to memory of 1020	3096	2024-03-11_03604f02f793cb121eb3713bd202ab30_icedid.exe	90

C:\Program Files\customizing\demonstrates.exe

Filesize
314KB

MD5
56ae375745a902ed04cf57f0bd08910d

SHA1
a4b361fd3f6a859b80c8414d5da41706eb68a93f

SHA256
db0a5e58ee51ea93a78ad78dfd989d2e7b371d2c77d8f8d6caa373036c90cef1

SHA512
67b034d2f7987872a98f1f8d4d3985ef7ddbda12b8ee210d5a3117d4646ff32c5563bba5d46d5af7ba098cdf9a387341cac274f11de57f1da69a078923558df5

Download Submit