Overview

overview

7

Static

static

3

2024-03-18...id.exe

windows7-x64

7

2024-03-18...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2024, 18:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-18_67c60ca238af176fe598aebeb1eeb0bc_icedid.exe

  • Size

    417KB

  • MD5

    67c60ca238af176fe598aebeb1eeb0bc

  • SHA1

    04085933e2f131921e5c4f3c48acacbab3f85d4b

  • SHA256

    5d15799536a88f755a6bfaac9ae8380e74c2f59fa40311e3f8296b9313777407

  • SHA512

    cc2de29b4b354c55b7fb047605db351575e608779fbdce64fdf5df07726ffc3bcd3bed0e61b26579ec1eb244d6b485ef3455b498b817ba05faaf6db80549c3d9

  • SSDEEP

    12288:/plrVbDdQaqdS/ofraFErH8uB2Wm0SX/Nr5FU:RxRQ+Fucuvm0a/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-18_67c60ca238af176fe598aebeb1eeb0bc_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-18_67c60ca238af176fe598aebeb1eeb0bc_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2800
    • C:\Program Files\Morgan\Kaufmann.exe
      "C:\Program Files\Morgan\Kaufmann.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Morgan\Kaufmann.exe
    Filesize

    244KB

    MD5

    4c9499a1c3cc7e0af090fb0c66e86845

    SHA1

    401818b789ec76a942e6c388c1a1ab1c32f24f46

    SHA256

    411692379c0ba7fb7dc77dac09d84014fbb4e13b181b2f073c3d17915d4c7b07

    SHA512

    78b62b68198b3050dfde75f912185e1212012d716411cca68aafd4b388f3bff26402e27a02cf1c821ead5d857ea476a37d081f067b8720fcec488c32caf9be6e

    Download Submit

  • C:\Program Files\Morgan\Kaufmann.exe
    Filesize

    177KB

    MD5

    74f14d62f5b3c2dd64ef8d0c51b28bd7

    SHA1

    07ab48ccba433e5c0fed1edefe329c1b808acecd

    SHA256

    94721948077002420c1b2334dc0c0ff4839784b0bdfca11426d726f19c026202

    SHA512

    addf0f35caed0b7ccbc2598b977f0337c6f1b633cc060dfede74f52480feb84cb958c9709f68e20b2986ac77f70a31f5177193beddd99c6753ec9676caebb84b

    Download Submit

  • memory/544-6-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/544-7-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2800-0-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2800-5-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download