Overview

overview

7

Static

static

3

2024-03-19...id.exe

windows7-x64

7

2024-03-19...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 14:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-19_99255fb1f2146524b31f9046d7ffc1c2_icedid.exe

  • Size

    418KB

  • MD5

    99255fb1f2146524b31f9046d7ffc1c2

  • SHA1

    61e2f0e259dd3f555ec6559fb98e58f3a126452a

  • SHA256

    da8ced0d38382d0717d8f7fd859631ce8a138c396a8b702ca2a18ed4e884dd0c

  • SHA512

    521353b565aabfb7939293abc8b8ec7e742785c8c22c17ef32f43a1fdb925e40810995b1f95fdfcee6fb324f379a93cbdd45af8813f94db6c4d7741dce0f4160

  • SSDEEP

    12288:mplrVbDdQaqdS/ofraFErH8uB2Wm0SX/Nr5FU:CxRQ+Fucuvm0a/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-19_99255fb1f2146524b31f9046d7ffc1c2_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-19_99255fb1f2146524b31f9046d7ffc1c2_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Program Files\runtime\redistribution.exe
      "C:\Program Files\runtime\redistribution.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\runtime\redistribution.exe
    Filesize

    256KB

    MD5

    26cd389b3f58d4645b2e7ea901313afb

    SHA1

    27a676be6cb56b59b9efb2a537b35c0848dc1daa

    SHA256

    a176665b0cf8b900ed402c27c171e092f0f26dd3fd4b9aa9a157f02ad414698d

    SHA512

    ce751ceba679566536a248fdd75c2f10cf3a76101170e506ce628760d31c77f4e7a6b6ae7fcfa8a8c1413ee28062109bed1fb1aff21aee18a5cb11ee9861aca9

    Download Submit

  • \Program Files\runtime\redistribution.exe
    Filesize

    418KB

    MD5

    b888858b646b01f1120c54f25650b191

    SHA1

    6b6700f653c4aebe19912f438a8e5e42beb588b0

    SHA256

    98e0b522e392f1d33c6bd207779a8c881603cc3a369217451083fc8f951f93da

    SHA512

    119ba3ecb1e1d26c8d69fdf26f2940475c1e964fed53ca9e8a345dc5645ff01c453695b06269752f050648900bb19b82b48b1facf7f4a625c1954a7cbc7ddef9

    Download Submit

  • memory/2216-0-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2216-9-0x0000000002770000-0x00000000028E3000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2216-11-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2228-10-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2228-12-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download