0c7249954c103114032a4d70e7f93052b460aac12372d3ea6b4054691989c83a

Analysis

max time kernel
122s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-04-2024 04:27

Target

2024-04-06_f854fc824569debe363dced15c6b63fb_icedid.exe
Size

424KB
MD5

f854fc824569debe363dced15c6b63fb
SHA1

0f133c90e61e1cd5dccd1fcd8b1ed46c365a04a9
SHA256

0c7249954c103114032a4d70e7f93052b460aac12372d3ea6b4054691989c83a
SHA512

463a7d6d5b0a7a353694ec301852501b7653f55c4b29b048474ae713256e6e637ba59d0662e5835c22f7e2ffb34e2bf685f4b24aa53e93e126bb6bf3a50713bf
SSDEEP

12288:SplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:exRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
548	thatcomes.exe

Loads dropped DLL 2 IoCs

pid	Process
1008	2024-04-06_f854fc824569debe363dced15c6b63fb_icedid.exe
1008	2024-04-06_f854fc824569debe363dced15c6b63fb_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\library\thatcomes.exe	2024-04-06_f854fc824569debe363dced15c6b63fb_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 548	1008	2024-04-06_f854fc824569debe363dced15c6b63fb_icedid.exe	28
PID 1008 wrote to memory of 548	1008	2024-04-06_f854fc824569debe363dced15c6b63fb_icedid.exe	28
PID 1008 wrote to memory of 548	1008	2024-04-06_f854fc824569debe363dced15c6b63fb_icedid.exe	28
PID 1008 wrote to memory of 548	1008	2024-04-06_f854fc824569debe363dced15c6b63fb_icedid.exe	28

\Program Files\library\thatcomes.exe

Filesize
425KB

MD5
e175c6bc7eb509de8758dcd0b8285987

SHA1
5e3ab2552f0358ccfad007b1a569ce0be55722f5

SHA256
b1dd15d39029cb20ec84c746034d9f2c6442c4cbbe4265dda0a16d73b3ff7c06

SHA512
38b6ac597941da450915e873c43de6c38148de0a144c83ada0d7f8d48fd49f486e32a742ebe2d451f9cd5ebf921d8f8ff926266e819dbf389528303681fa5454

Download Submit