2ae623a6dbefd56b2de60cba050b0c0b67978ecd79c2d0527d038e2f1d352272

Analysis

max time kernel
119s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-04-2024 18:49

Target

2024-04-05_cc034a618c8be27843678a013c51075b_icedid.exe
Size

386KB
MD5

cc034a618c8be27843678a013c51075b
SHA1

7a147522ce019183bb165f91cb66c0e16c854d26
SHA256

2ae623a6dbefd56b2de60cba050b0c0b67978ecd79c2d0527d038e2f1d352272
SHA512

abca7847145743bdbe019f9815df0b84054205eafda24f65ed77b9cdb177239a11859cb475440c9875d8005485f58dabe60933ee64a089ac39befe09b47de4d1
SSDEEP

12288:dplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:/xRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2692	Brazil.exe

Loads dropped DLL 2 IoCs

pid	Process
1968	2024-04-05_cc034a618c8be27843678a013c51075b_icedid.exe
1968	2024-04-05_cc034a618c8be27843678a013c51075b_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\ortuguese\Brazil.exe	2024-04-05_cc034a618c8be27843678a013c51075b_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2692	1968	2024-04-05_cc034a618c8be27843678a013c51075b_icedid.exe	28
PID 1968 wrote to memory of 2692	1968	2024-04-05_cc034a618c8be27843678a013c51075b_icedid.exe	28
PID 1968 wrote to memory of 2692	1968	2024-04-05_cc034a618c8be27843678a013c51075b_icedid.exe	28
PID 1968 wrote to memory of 2692	1968	2024-04-05_cc034a618c8be27843678a013c51075b_icedid.exe	28

\Program Files\ortuguese\Brazil.exe

Filesize
387KB

MD5
3edeaa8f6b1283c026f451ff98a5f141

SHA1
9e97d1c7b14e3fad8eb0d76fd0b853024e8888fc

SHA256
d542b5d49db22b8533f6907096cd1fae695abf2b1380608dc57f3dcd6d6a44b8

SHA512
1df7859cd851f04a5d7e625fb78dd20d79feac9ddac4aa99b9352534ee977fdde74712443e6960cbdd62bf8905078716704fae9de7169683eb42b9bb2ba843fe

Download Submit