bb86753043ef0f2d537ee1290a9a9abab82115c0ba11a253c52d13b687f69390

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-03-2024 00:44

Target

2024-03-14_9639ffd21810af1ab82f7cd75c7cd338_icedid.exe
Size

373KB
MD5

9639ffd21810af1ab82f7cd75c7cd338
SHA1

98f3022a729fc36790e900fbc864daefe4357348
SHA256

bb86753043ef0f2d537ee1290a9a9abab82115c0ba11a253c52d13b687f69390
SHA512

80001fe832ceafe0778a082b245d4a7c0b5be4f3f47d7fba266a7d1675e0f636d3511190b312c7942d6cd838fd1e2b569bf556d469a2a6d503ea8759babb98c2
SSDEEP

6144:xplrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:xplrVbDdQaqdS/ofraFErH8uB2Wm0SXj

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2372	upgrade.exe

Loads dropped DLL 2 IoCs

pid	Process
2224	2024-03-14_9639ffd21810af1ab82f7cd75c7cd338_icedid.exe
2224	2024-03-14_9639ffd21810af1ab82f7cd75c7cd338_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\errors\upgrade.exe	2024-03-14_9639ffd21810af1ab82f7cd75c7cd338_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2372	2224	2024-03-14_9639ffd21810af1ab82f7cd75c7cd338_icedid.exe	28
PID 2224 wrote to memory of 2372	2224	2024-03-14_9639ffd21810af1ab82f7cd75c7cd338_icedid.exe	28
PID 2224 wrote to memory of 2372	2224	2024-03-14_9639ffd21810af1ab82f7cd75c7cd338_icedid.exe	28
PID 2224 wrote to memory of 2372	2224	2024-03-14_9639ffd21810af1ab82f7cd75c7cd338_icedid.exe	28

\Program Files\errors\upgrade.exe

Filesize
373KB

MD5
df24e208fc1cd93ed8da1df2d57fee84

SHA1
aa7a2fc133fb30b00f50ae18b3f5021a1420f8df

SHA256
a417cd2754bb8caeda02e22483f6441a4dc40065bcd3f9850e93df0de94b8f94

SHA512
17935963adabc073dd69660ac32a569c71238f18a2f0ceacb4d9ad406c7760d02065562b8a8ddaff83c6eb634c1dd6480546d62c0a11f40bec5b24a70e26d925

Download Submit