Overview

overview

7

Static

static

3

2024-04-04...id.exe

windows7-x64

7

2024-04-04...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
  • submitted
    04/04/2024, 20:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-04_5718e5f971c9aa14dc77dea93236fe91_icedid.exe

  • Size

    418KB

  • MD5

    5718e5f971c9aa14dc77dea93236fe91

  • SHA1

    c45dd71053868a3b3fdca8efa565ce53f98f349f

  • SHA256

    2227f5da3243980b8ebfca1d2e41d3d12596923c75e8dbec952b02cc7f16265f

  • SHA512

    6cc822b0db54e7c44458cfc83368a74314603569910132f061a566dbd94ec91e03e765da071b5e858942b51f9cc52163c1648c5851a99a4f34faf7e49b57c19e

  • SSDEEP

    12288:lplrVbDdQaqdS/ofraFErH8uB2Wm0SX/Nr5FU:XxRQ+Fucuvm0a/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-04_5718e5f971c9aa14dc77dea93236fe91_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-04_5718e5f971c9aa14dc77dea93236fe91_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Program Files\Brazil\Russian.exe
      "C:\Program Files\Brazil\Russian.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\Brazil\Russian.exe
    Filesize

    419KB

    MD5

    9b2643f529b211ff76ce8d48c05ccd40

    SHA1

    880c511fecf01a738bae80d22e2f976eefb78d08

    SHA256

    1b3395c4a486a72f60e73669bad75b0c2b8de12d878864dca360b31c0fd69cfe

    SHA512

    5aafa9df0d6d09d2f200ffcebd00901e7f8b0e30a5e5819cbfc519009d633ab2d8f85128f3bb91f98b63323992653b1ac99fd5f9666330d54951cdbfd2684f01

    Download Submit

  • memory/2356-10-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2356-12-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2884-0-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2884-9-0x0000000002760000-0x00000000028D3000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2884-11-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download