7d642f0260c2bcd9e36a62a461d97f4c4adfe0be882f9d6b3baabe44527e6767

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 09:46

Target

2024-03-13_9125c64966fcb29a1dc5f98d551f10d2_icedid.exe
Size

279KB
MD5

9125c64966fcb29a1dc5f98d551f10d2
SHA1

dfbc49935ce1637536d129fb57c25cc9970ea55e
SHA256

7d642f0260c2bcd9e36a62a461d97f4c4adfe0be882f9d6b3baabe44527e6767
SHA512

7dfc66d798ad7494cc662f429dc72c69d0d62d61db470bef278e68d4ac59ca0716b4d36192a7279abea307267a1eef050a3462827958155baf4cfd5052bb04c4
SSDEEP

3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
656	Inside.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Brockschmidt\Inside.exe	2024-03-13_9125c64966fcb29a1dc5f98d551f10d2_icedid.exe
File opened for modification	C:\Program Files\Brockschmidt\Inside.exe	2024-03-13_9125c64966fcb29a1dc5f98d551f10d2_icedid.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4392	3428	WerFault.exe	88
4728	3428	WerFault.exe	88

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3428 wrote to memory of 656	3428	2024-03-13_9125c64966fcb29a1dc5f98d551f10d2_icedid.exe	89
PID 3428 wrote to memory of 656	3428	2024-03-13_9125c64966fcb29a1dc5f98d551f10d2_icedid.exe	89
PID 3428 wrote to memory of 656	3428	2024-03-13_9125c64966fcb29a1dc5f98d551f10d2_icedid.exe	89

C:\Users\Admin\AppData\Local\Temp\2024-03-13_9125c64966fcb29a1dc5f98d551f10d2_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-13_9125c64966fcb29a1dc5f98d551f10d2_icedid.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Program Files\Brockschmidt\Inside.exe
  "C:\Program Files\Brockschmidt\Inside.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 1012
  2⤵
  - Program crash
  PID:4392
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 1020
  2⤵
  - Program crash
  PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3428 -ip 3428
1⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3428 -ip 3428
1⤵
PID:3152

C:\Program Files\Brockschmidt\Inside.exe

Filesize
279KB

MD5
b8dbe77714e09511667b1fe75481be8e

SHA1
3c08b00b8e68a51a16097e097825cb45dd5f2aed

SHA256
e57c12ee976ba0f3aec3e6c1f20c09cc9c971827e09f3881a3502033d89f45fa

SHA512
6b8617877dfcce14b5c2713ffe2ce0a5d91fba5fa15ea0f63daa2c8fed0066b60d0da7130f97eaad234110308f8ffd500b3f6aa4207fbde258aecc08a39d0346

Download Submit