Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19/03/2024, 19:57
General
-
Target
2024-03-19_ed641dc5e7340d385253f7fa97734ce9_icedid.exe
-
Size
267KB
-
MD5
ed641dc5e7340d385253f7fa97734ce9
-
SHA1
66bb9aa15cb0e5d50d43fa40eaaf72f9aaf72fac
-
SHA256
7382746b3a6f547c447a2a4ece56236e5e8d771515b1f96815b97bed312f4bfa
-
SHA512
0ad2acdfbd23224b0b82880a984af1d21261f627c3170f9baf447b1d45a51b58aa01ba4aec5d88e31477c02fc3de5100d22c10864edcec2c96840a8d326f84f6
-
SSDEEP
3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_ed641dc5e7340d385253f7fa97734ce9_icedid.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-19_ed641dc5e7340d385253f7fa97734ce9_icedid.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\parameter\lpszRootPath.exe"C:\Program Files\parameter\lpszRootPath.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
267KB
MD54935914623c1f7bc71f23e2d82e836ac
SHA15daac4f2a97f37fb1ae033ed8b74d80b0de78e5a
SHA256ae79baec00c0cab1000f427fb151bd33d579775ee7e330c556f61444262fe7a8
SHA5127d848673aef34015c15d4d6ebcf4b1259a8e8b4e513189cb4d22a2c029ce160f7323a89ef1f20a311e3ab88f79876f52d4686723b7484c0aee6fb9be44479f1a