5e24978d25f3d76bb1bcd4f3511d484ce46f213f68f76dfa6b6cc00c434055bb

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 00:53

Target

2024-03-28_d4471c96afab3d342cc6d992d80ed0cc_icedid.exe
Size

427KB
MD5

d4471c96afab3d342cc6d992d80ed0cc
SHA1

59db190af65f7e0195dfc0d2c43dc793f85452d9
SHA256

5e24978d25f3d76bb1bcd4f3511d484ce46f213f68f76dfa6b6cc00c434055bb
SHA512

7422dbed492c5ad59394c212d771af752b3dcc9aeb098dd1ad39e5dde02643b46512afd982e6506e8eb0119236ea3c4a56001eb0abb9fb7c57dba22b5de61782
SSDEEP

12288:3plrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:ZxRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2052	system.exe

Loads dropped DLL 2 IoCs

pid	Process
2256	2024-03-28_d4471c96afab3d342cc6d992d80ed0cc_icedid.exe
2256	2024-03-28_d4471c96afab3d342cc6d992d80ed0cc_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\necessary\system.exe	2024-03-28_d4471c96afab3d342cc6d992d80ed0cc_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2052	2256	2024-03-28_d4471c96afab3d342cc6d992d80ed0cc_icedid.exe	28
PID 2256 wrote to memory of 2052	2256	2024-03-28_d4471c96afab3d342cc6d992d80ed0cc_icedid.exe	28
PID 2256 wrote to memory of 2052	2256	2024-03-28_d4471c96afab3d342cc6d992d80ed0cc_icedid.exe	28
PID 2256 wrote to memory of 2052	2256	2024-03-28_d4471c96afab3d342cc6d992d80ed0cc_icedid.exe	28

\Program Files\necessary\system.exe

Filesize
427KB

MD5
04a3762ee91d318c9356f030c66d2bc7

SHA1
197367612480179bd04d4e13b7e61af069e90c7c

SHA256
70b253ba3ea34aa1a5c64048aa29d267700e5adb21c8cb237fb68f202db2ce09

SHA512
7ebf48c8c364558e82ea8aea827713c3f640fc215318315d999d314825821c84299934d8f58e4b14e522e3f392218cad73aec37ea090366be9e1245f32096546

Download Submit