ecb7ab411c03755e0567ff40f0ee13bb9b59e63910d70b5677d8247298af25d9

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-03-2024 07:28

Target

2024-03-19_d04c03278140457cdad36752b9892a8e_icedid.exe
Size

430KB
MD5

d04c03278140457cdad36752b9892a8e
SHA1

e4a4f03a41392352da49510915067ee3f49a3e09
SHA256

ecb7ab411c03755e0567ff40f0ee13bb9b59e63910d70b5677d8247298af25d9
SHA512

23b902df865834add5aea3e9b7c6650d3ca6800313620376e11f12e3fecbd59139b79f040545d9d1c88657f477bf851e98e4f17df87b0c6ac9ef60b3df50a951
SSDEEP

12288:EplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:AxRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2152	reporting.exe

Loads dropped DLL 2 IoCs

pid	Process
2004	2024-03-19_d04c03278140457cdad36752b9892a8e_icedid.exe
2004	2024-03-19_d04c03278140457cdad36752b9892a8e_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\progress\reporting.exe	2024-03-19_d04c03278140457cdad36752b9892a8e_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2152	2004	2024-03-19_d04c03278140457cdad36752b9892a8e_icedid.exe	28
PID 2004 wrote to memory of 2152	2004	2024-03-19_d04c03278140457cdad36752b9892a8e_icedid.exe	28
PID 2004 wrote to memory of 2152	2004	2024-03-19_d04c03278140457cdad36752b9892a8e_icedid.exe	28
PID 2004 wrote to memory of 2152	2004	2024-03-19_d04c03278140457cdad36752b9892a8e_icedid.exe	28

C:\Program Files\progress\reporting.exe

Filesize
430KB

MD5
86effcc6bd7f3036ec353db8d62b96ce

SHA1
3e41ff2f2a305037a6ecae6060280d2edd366354

SHA256
1a898303e4b39e3ef8ec9590eb8df316d39e85cebaa1ca817f34493543b30266

SHA512
6978f00c04124edc7aa6781cc91621181d54e68d21d55ed78d36726d62e2d018b50954f52d7e1a27772fab2d34f637f42d390ca5f5670d24a1f9bdae3223fa16

Download Submit