98d841f951dfdd3c9402b08ece5b2421a741faa9fb146f1ea55ee6b96a494c82

Analysis

max time kernel
154s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 10:43

Target

2024-03-16_45462c73103d7bd6ff3bd68ee8a7dc86_icedid.exe
Size

275KB
MD5

45462c73103d7bd6ff3bd68ee8a7dc86
SHA1

15b6731e63a315e674e58cdc83c6111a3e83a0d9
SHA256

98d841f951dfdd3c9402b08ece5b2421a741faa9fb146f1ea55ee6b96a494c82
SHA512

fcc62b13b5c7d9c4378a63e4eee4854f8b2c086ec03098149a11e8eafa49db3d2b0d59733033ac6636684d74246a32912b48480dbef073795c4e56e2a6ef2d7d
SSDEEP

3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4856	.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\.exe	2024-03-16_45462c73103d7bd6ff3bd68ee8a7dc86_icedid.exe
File opened for modification	C:\Program Files\.exe	2024-03-16_45462c73103d7bd6ff3bd68ee8a7dc86_icedid.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4608	3244	WerFault.exe	86
2052	3244	WerFault.exe	86

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 4856	3244	2024-03-16_45462c73103d7bd6ff3bd68ee8a7dc86_icedid.exe	88
PID 3244 wrote to memory of 4856	3244	2024-03-16_45462c73103d7bd6ff3bd68ee8a7dc86_icedid.exe	88
PID 3244 wrote to memory of 4856	3244	2024-03-16_45462c73103d7bd6ff3bd68ee8a7dc86_icedid.exe	88

C:\Users\Admin\AppData\Local\Temp\2024-03-16_45462c73103d7bd6ff3bd68ee8a7dc86_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-16_45462c73103d7bd6ff3bd68ee8a7dc86_icedid.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files\.exe
  "C:\Program Files\\.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 1036
  2⤵
  - Program crash
  PID:4608
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 1020
  2⤵
  - Program crash
  PID:2052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3244 -ip 3244
1⤵
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3244 -ip 3244
1⤵
PID:3940

C:\Program Files\.exe

Filesize
275KB

MD5
28da8089ee9520939a4559085c004809

SHA1
284bec23bc90622abeee4d49a00bc3c0ac152070

SHA256
4de901064bafd7c5a9c6b61b91491ddb42ed2b39655f66788734e1ba09a040ff

SHA512
db850337f0924f55bf2285734989c22384fff0bcbb5f56f9422a7887542c93e1757ffd75274dac8c6d7afe0959490d5e0698896e49844f67f491c46836ad6c1d

Download Submit