9f6eff28a6c0953dce2fded08ddc2dbc7889915c670361d3e29277467b144855

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 18:50

Target

2024-03-12_4dd3740eb2b727fc42fa223467be7157_icedid.exe
Size

429KB
MD5

4dd3740eb2b727fc42fa223467be7157
SHA1

1b0854f7aaa7ee8213c102e385fabcdb765f857b
SHA256

9f6eff28a6c0953dce2fded08ddc2dbc7889915c670361d3e29277467b144855
SHA512

a4298cd70d426dbef9b57bcb4e4809e797fce70d558f5bec1a16ce1500928058671cc9436e3b9ca6ced751f7628a7e0e0bbc04d51be197b6e2fb68d6fa762c93
SSDEEP

12288:eplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:KxRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
880	agreements.exe

Loads dropped DLL 2 IoCs

pid	Process
2512	2024-03-12_4dd3740eb2b727fc42fa223467be7157_icedid.exe
2512	2024-03-12_4dd3740eb2b727fc42fa223467be7157_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\contained\agreements.exe	2024-03-12_4dd3740eb2b727fc42fa223467be7157_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 880	2512	2024-03-12_4dd3740eb2b727fc42fa223467be7157_icedid.exe	28
PID 2512 wrote to memory of 880	2512	2024-03-12_4dd3740eb2b727fc42fa223467be7157_icedid.exe	28
PID 2512 wrote to memory of 880	2512	2024-03-12_4dd3740eb2b727fc42fa223467be7157_icedid.exe	28
PID 2512 wrote to memory of 880	2512	2024-03-12_4dd3740eb2b727fc42fa223467be7157_icedid.exe	28

\Program Files\contained\agreements.exe

Filesize
429KB

MD5
bc36e7810098f9b0fc1d19f72230a140

SHA1
12882c648bed29babe7df664d5989bee5bbec3f4

SHA256
b82f647e20bb9521079eec06423d22ebb88669676a31c4ea10c7e504f2e0e7a2

SHA512
bda69545e27a05570c03e6951f943127dfa95247d013261451bc9dfffc755ec4a81f56f0a2e50ca38aceb4279aff92070a9f8b6a0a4d66337d7d4e3f26d6590f

Download Submit