Overview

overview

7

Static

static

3

2024-03-12...id.exe

windows7-x64

7

2024-03-12...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12-03-2024 22:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-12_cf37adfb38fc653ab119d193f603f7c5_icedid.exe

  • Size

    281KB

  • MD5

    cf37adfb38fc653ab119d193f603f7c5

  • SHA1

    99058a52a3af17bac6f352a34da2c18df4dfdf97

  • SHA256

    5c9646c2a4923b16a34da182b3db45fa9eb39aef748f4ce2c65952bb6b331ca9

  • SHA512

    2fa66ec2612d44ab269ce386f8edabd410bce788d98d5594278ae670c7a641d651b1e1e2ee1a0b131efd31522472f05972c4986615b2e81ca485c5cd3baf72a6

  • SSDEEP

    3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-12_cf37adfb38fc653ab119d193f603f7c5_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-12_cf37adfb38fc653ab119d193f603f7c5_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1296
    • C:\Program Files\waysto\findout.exe
      "C:\Program Files\waysto\findout.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\waysto\findout.exe
    Filesize

    215KB

    MD5

    991e2d8f9d07974bb83742f3b6f1b3f1

    SHA1

    2ff796919f3af1c0d038f8e603bd748a4c89de34

    SHA256

    846f1d4e69b7d0e67b857ab9da534e945ca8d2222f32207462b3d3e9fa20861e

    SHA512

    9573862936c3026964adbe9b3da68a367920dc58d65dcf8b5e4e053e266af55a75c6362eff7d140883b520391402fe8998bfddfe95bc46b4578aac764fbdfca9

    Download Submit

  • C:\Program Files\waysto\findout.exe
    Filesize

    156KB

    MD5

    3b1d5a8303f99477a51bacf058f9ff88

    SHA1

    f97f20da7629c0f9f95fad547045e04c7116e232

    SHA256

    f60b98401a126ae332f519035354bb77d47d79e7ea08412719951a927d0dd485

    SHA512

    f31d01403304eeac9ee14d171c2d239410c31d1deee258b179f592ace3ef3c8e5e038e244b25d1af5f3f79d357f0c31d6b717aa8588312f241938ee12e951ec6

    Download Submit

  • \Program Files\waysto\findout.exe
    Filesize

    281KB

    MD5

    2be1b7add51e9beb11ee1ff6fca62ffe

    SHA1

    ac518c655f928fe5288b86eda1aef1eb34897ca1

    SHA256

    ac0cea4e63d5b25f1461e48c24125dcc35311ad3a4de0bf2e2b36e9d8708be09

    SHA512

    8123708b871cb2ba3dce4c65e123e6cd692b7b35b64cebf1b67a0906dd6be8b0bb6c97c5738354bfde157431c5f62dc2acdcacba0c7eb9bb647f04ee3111802d

    Download Submit

  • \Program Files\waysto\findout.exe
    Filesize

    194KB

    MD5

    9cebae6d7bb07c866429e1fa6c051203

    SHA1

    95384f96937797fbb5d59137db4a2dc854cc5cee

    SHA256

    edbec79251bcd3c80b0234dce727991f395f338d79d71242f1255d61b60a774d

    SHA512

    d618c19eeb9a05638d8620cce149b9d7821fac6bc7fb73c10523320641845e69f79d7d5c045ad947eb60cf455fab8e35bc46d54f3de603a5c470191e32d2ad9c

    Download Submit