08793c4cec19f0ebba1eaba9b2a42f34ad404c73d4b082abafb99bfefdf4e3f2

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 11:53

Target

2024-03-26_b004279e52da485fc518d07fb1a5ec02_icedid.exe
Size

388KB
MD5

b004279e52da485fc518d07fb1a5ec02
SHA1

44deff1ae39ad918efb2c6201c298045b3d36981
SHA256

08793c4cec19f0ebba1eaba9b2a42f34ad404c73d4b082abafb99bfefdf4e3f2
SHA512

58b84e3d60eeae648b79351c6a89c25f1c1b7cc01d9dfbffbe28680eb28e0ff5fa6b5aa884d5b506c08909c9b30029333c48c2ac6de7f876cbd344e34c729b21
SSDEEP

12288:/plrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:RxRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3560	Education.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Inside\Education.exe	2024-03-26_b004279e52da485fc518d07fb1a5ec02_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 3560	1380	2024-03-26_b004279e52da485fc518d07fb1a5ec02_icedid.exe	87
PID 1380 wrote to memory of 3560	1380	2024-03-26_b004279e52da485fc518d07fb1a5ec02_icedid.exe	87
PID 1380 wrote to memory of 3560	1380	2024-03-26_b004279e52da485fc518d07fb1a5ec02_icedid.exe	87

C:\Program Files\Inside\Education.exe

Filesize
389KB

MD5
b560349ef1e7af7e37b0b39c374ddedf

SHA1
267cee1fd23c73f5462b47b6b638916b37f6fde7

SHA256
2fb703c236f4600e5fe1872b35ef834b7fbdf694cab84e8b680da2ee870b9c18

SHA512
1acede7d3c41c651271a71745992a5e2de753d8a176fde69842d42efdf3069c7e21872b99ee383b2f36221eab52152932d8161a5a994339c232818bbc2f0126b

Download Submit