Analysis
-
max time kernel
1s -
max time network
28s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05/04/2024, 16:43
General
-
Target
2024-04-05_abe4297c0008d6d6f620b7847e65105d_icedid.exe
-
Size
283KB
-
MD5
abe4297c0008d6d6f620b7847e65105d
-
SHA1
fa2a52ba2d6eee2874533bc9d6a596f8509da131
-
SHA256
ff7ccf11e87a8f03225a195d40a3066f3551fd858619915a9339a03c23167a83
-
SHA512
da08063a12bb589a903edb79a1cc1ea949abe5f9302b01b97f40f69e18c556c3cc267c117dc271c0b40185c24d27c4c556809780bb049d47a24b4079712da654
-
SSDEEP
3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-05_abe4297c0008d6d6f620b7847e65105d_icedid.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-05_abe4297c0008d6d6f620b7847e65105d_icedid.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\.exe"C:\Program Files\\.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2992 -ip 29921⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
284KB
MD5246d6eb2ad31af92f9edd454d3994f5a
SHA15399a2e2bd40d28a9cae3ec727de6756fdc7be1e
SHA25654f77b6f59e3e29e1a4b976ad48b60b07c233a7cd01c1d4993aa0413c52a9d22
SHA512495e9860b5079a7a92e4e1cbba8edeffb1f4ca1a6576d31f447488c501512786757eb98256c182e0216c21401fcdc3abb00cccd63ac86b7cdd5377e994d62e45