Overview

overview

7

Static

static

3

2024-03-13...id.exe

windows7-x64

7

2024-03-13...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13/03/2024, 20:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-13_4b396f6f5e7dc85f17c3f597310e2e93_icedid.exe

  • Size

    419KB

  • MD5

    4b396f6f5e7dc85f17c3f597310e2e93

  • SHA1

    95f0d1228bcba6ecf5f9093da149fc1132f93f12

  • SHA256

    b9abbf3fc2ac83e95c9be23c27f83d3a89b73e84e74d7844be53d339dc0fdeea

  • SHA512

    3f351e1610876a87fade0d5cc7bab5d6893733b39e6f74178cf88aa6d468442f5dad6f14fc7a030fa81e6d3fae58d17251eb580ff01ef60f356fd4d71a54a0b7

  • SSDEEP

    12288:WplrVbDdQaqdS/ofraFErH8uB2Wm0SX/Nr5FU:yxRQ+Fucuvm0a/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-13_4b396f6f5e7dc85f17c3f597310e2e93_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-13_4b396f6f5e7dc85f17c3f597310e2e93_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Program Files\Panel\Autorun.exe
      "C:\Program Files\Panel\Autorun.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\Panel\Autorun.exe
    Filesize

    419KB

    MD5

    f2138a57ef60f99392ae7f12af8321a4

    SHA1

    a81276393ec9423a5bda5c1a9e8bee6c1e0b14dc

    SHA256

    07b61981cedac00b37641cfd411823a42707b804c83def5d598b2cc31ada0a5c

    SHA512

    a335322a2daa22ee760b79505a201063547c700e6be7c37715e2defd2354a7a3b69473f755a25574c951973550e1b73d18c752abbaf5058d449261851a9675be

    Download Submit

  • memory/2872-0-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2872-4-0x0000000002750000-0x00000000028C3000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2872-10-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2872-9-0x0000000002750000-0x00000000028C3000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2872-14-0x0000000002750000-0x00000000028C3000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/3024-13-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/3024-15-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download