Overview

overview

7

Static

static

3

2024-03-28...id.exe

windows7-x64

7

2024-03-28...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-03-2024 00:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-28_378e90786a62ac42d08e146244fa6cde_icedid.exe

  • Size

    419KB

  • MD5

    378e90786a62ac42d08e146244fa6cde

  • SHA1

    6fbf2f28fe650d803c2d9c794d578af9fe675bf9

  • SHA256

    94edd6d50c27b6f22b5d2dc16bf202773718355c589d73bd9f3cbea838609f6b

  • SHA512

    187d596a3b6a6456fc967b86609c4857f6bc9646837d1ce203b4f3d320f54084169a3fdeced1a5906cf5c95d3851a0f01e04d038681b2f981213b5aab088b213

  • SSDEEP

    12288:mplrVbDdQaqdS/ofraFErH8uB2Wm0SX/Nr5FU:CxRQ+Fucuvm0a/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-28_378e90786a62ac42d08e146244fa6cde_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-28_378e90786a62ac42d08e146244fa6cde_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Program Files\lpszRootPath\points.exe
      "C:\Program Files\lpszRootPath\points.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\lpszRootPath\points.exe
    Filesize

    419KB

    MD5

    25cb4cdb23d27cfac7eb6e32397f7cda

    SHA1

    5ec4ee0d960b1a87f45dbde3e6bea7e19f77bf8e

    SHA256

    17e23bf988eff73f446a3b3273b0b27dbc9bd1b836048a8de83778d6107e5dc1

    SHA512

    cea7474783be4be63e175d4a1599f37fcebec62bf4248d20178d70c8669959d33088b23de90c4c8927a35c2bc5f89b225d638960d4f879934a77b8e783369442

    Download Submit

  • memory/1612-0-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1612-10-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1612-9-0x0000000002620000-0x0000000002793000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1612-11-0x0000000002620000-0x0000000002793000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1612-13-0x0000000002620000-0x0000000002793000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1676-12-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1676-14-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download