Analysis

  • max time kernel
    137s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/03/2024, 05:24

General

  • Target

    2024-03-12_025293c372f6c4e8d455760f15813793_icedid.exe

  • Size

    384KB

  • MD5

    025293c372f6c4e8d455760f15813793

  • SHA1

    6fc9d13202dec9391dbf5bbb983bd7a24edff085

  • SHA256

    bafd7ab22e1a2744d4b6184f2b8ad2d23d152cb48900e3ca863f2a6508ae7d69

  • SHA512

    8cce26b0e5634644c6580575e2af824f7c0fcae6961fdfa1edd4346ced3ca1fbf5bd9a97e8b160743119cb945d02896bae15a716acfa17798025ee5203011e35

  • SSDEEP

    12288:uplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:axRQ+Fucuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-12_025293c372f6c4e8d455760f15813793_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-12_025293c372f6c4e8d455760f15813793_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Program Files\Suppress\status.exe
      "C:\Program Files\Suppress\status.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:5100
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=2272,i,1589057049575649654,2929151440327217574,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1236

    Network

          MITRE ATT&CK Matrix

          Downloads

          • C:\Program Files\Suppress\status.exe

            Filesize

            384KB

            MD5

            8c23572163dfa925f57ba7f402c89b78

            SHA1

            85564196cc76652445143ec6e13505310a8188a1

            SHA256

            8f5e2170af9af92d4913d9758c71b662b7ffe60e4970ad17c52de88276cacd59

            SHA512

            17c9e88032236abff18b9154074cf9f42e3f234d4e72dba59fb99adb9599fff336090a7cb32671ba7e2ea0d1d46a5b2f0ae20e06b04288af6a2eac440290dea2
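
The process tree and the Downloads entry together give the hunt-worthy behaviour in this report: the sample writes an .exe into C:\Program Files and then launches it as a child process with a numeric argument, and the dropped file is the same size (384KB) as the sample but has different hashes, so matching on the sample's hash alone misses the second stage. As an added example that is not part of the sandbox report, the Python below runs that drop-and-execute check and a hash-IOC check over Sysmon-style events. The paths, PIDs, command line and SHA256 values are transcribed from the report; the event records, the Event field names, and the parent PIDs of the root processes are constructed for the example.

```python
"""Drop-and-execute and hash-IOC checks over Sysmon-style process/file events.

Added example; not code from the sandbox or the report. Event shape and the
parent PIDs of root processes (1000, 900) are constructed assumptions.
"""
from dataclasses import dataclass

# IOCs transcribed from the report above.
SAMPLE_PATH = (r"C:\Users\Admin\AppData\Local\Temp"
               r"\2024-03-12_025293c372f6c4e8d455760f15813793_icedid.exe")
SAMPLE_SHA256 = "bafd7ab22e1a2744d4b6184f2b8ad2d23d152cb48900e3ca863f2a6508ae7d69"
DROPPED_PATH = r"C:\Program Files\Suppress\status.exe"
DROPPED_SHA256 = "8f5e2170af9af92d4913d9758c71b662b7ffe60e4970ad17c52de88276cacd59"

# Both hashes are needed: the dropped file is 384KB like the sample but does
# not share its hash, so the sample hash alone would not flag PID 5100.
KNOWN_SHA256 = {SAMPLE_SHA256: "sample", DROPPED_SHA256: "dropped status.exe"}

PROGRAM_FILES = (r"C:\Program Files\\"[:-1], r"C:\Program Files (x86)\\"[:-1])


@dataclass
class Event:
    kind: str            # "process_create" or "file_create"
    pid: int
    ppid: int = 0
    image: str = ""      # image path for process_create
    target: str = ""     # written file path for file_create
    cmdline: str = ""
    sha256: str = ""


# Constructed events mirroring the report's process tree.
EVENTS = [
    Event("process_create", pid=4756, ppid=1000, image=SAMPLE_PATH,
          cmdline=f'"{SAMPLE_PATH}"', sha256=SAMPLE_SHA256),
    Event("file_create", pid=4756, target=DROPPED_PATH),
    Event("process_create", pid=5100, ppid=4756, image=DROPPED_PATH,
          cmdline=f'"{DROPPED_PATH}" "33201"', sha256=DROPPED_SHA256),
    # Legitimate process under Program Files with no preceding drop: must not fire.
    Event("process_create", pid=1236, ppid=900,
          image=r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
          cmdline="msedge.exe --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService"),
]


def drop_and_execute(events, prefixes=PROGRAM_FILES):
    """Return (dropper_pid, child_pid, path) for every process that wrote an
    .exe under a Program Files directory and then spawned it as its child.

    A process merely running from Program Files (e.g. msedge.exe) is not a hit;
    the file_create by the later parent is required.
    """
    lowered = tuple(p.lower() for p in prefixes)
    drops = {}   # lowercased written path -> writer pid
    hits = []
    for ev in events:
        if ev.kind == "file_create":
            path = ev.target.lower()
            if path.endswith(".exe") and path.startswith(lowered):
                drops[path] = ev.pid
        elif ev.kind == "process_create":
            dropper = drops.get(ev.image.lower())
            if dropper is not None and ev.ppid == dropper:
                hits.append((dropper, ev.pid, ev.image))
    return hits


def hash_hits(events, known=KNOWN_SHA256):
    """Return (pid, label) for every process whose image hash is a known IOC."""
    return [(ev.pid, known[ev.sha256]) for ev in events
            if ev.kind == "process_create" and ev.sha256 in known]


if __name__ == "__main__":
    for dropper, child, path in drop_and_execute(EVENTS):
        print(f"drop-and-execute: pid {dropper} wrote and launched {path} as pid {child}")
    for pid, label in hash_hits(EVENTS):
        print(f"hash IOC: pid {pid} matches {label}")
```

On the constructed events this flags PID 4756 dropping and launching status.exe as PID 5100, and matches both processes by hash, while the msedge.exe utility process (under Program Files (x86) but never written by a parent) stays clean.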