c5472813a3be3ee93dada2f8ccd2360110cee09b04ea1542e4aadcb77824cbad

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 22:46

Target

2024-03-13_b95d98f408e1528d8df4bdfb7baaf575_icedid.exe
Size

267KB
MD5

b95d98f408e1528d8df4bdfb7baaf575
SHA1

d6b6b2e277fc6fcf91383deb8070b3782c2d81f4
SHA256

c5472813a3be3ee93dada2f8ccd2360110cee09b04ea1542e4aadcb77824cbad
SHA512

5c760551329b8ef37a85181e3a0aaf29a062b2b010bdab021f2bf34bd445ec91cd892487c5c05dbb63e255a0ac5e56ddaca119e3fa4a16a58c44357c0c1fd5f3
SSDEEP

3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1016	DirectSetup.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\with\DirectSetup.exe	2024-03-13_b95d98f408e1528d8df4bdfb7baaf575_icedid.exe
File opened for modification	C:\Program Files\with\DirectSetup.exe	2024-03-13_b95d98f408e1528d8df4bdfb7baaf575_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 1016	4812	2024-03-13_b95d98f408e1528d8df4bdfb7baaf575_icedid.exe	90
PID 4812 wrote to memory of 1016	4812	2024-03-13_b95d98f408e1528d8df4bdfb7baaf575_icedid.exe	90
PID 4812 wrote to memory of 1016	4812	2024-03-13_b95d98f408e1528d8df4bdfb7baaf575_icedid.exe	90

C:\Program Files\with\DirectSetup.exe

Filesize
267KB

MD5
40f39d8de5d4c963300d92d6cdfe54dd

SHA1
97e32379e734b6fb01a61b2efe605a3a14c93fd4

SHA256
36f153159d9c1a70b385c5fc9fd1ad9eb3ecb3db954e77d558fe9dceb06ab19e

SHA512
fed16a5dcd5ae82ba8c3cb1d2930c39e675504a5e82efb0739c9610cbc33b6212dd209f58cae58c27ea591d799f47a60f23bbf9a81abe218ec8e197733327ac8

Download Submit