Overview

overview

7

Static

static

3

2024-04-09...id.exe

windows7-x64

7

2024-04-09...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-04-2024 04:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-09_faa1fe020c5a9afa7e7052d6ea26cc05_icedid.exe

  • Size

    421KB

  • MD5

    faa1fe020c5a9afa7e7052d6ea26cc05

  • SHA1

    7a8fc7278f5630e15e816a5a8afd0b5e27e821ed

  • SHA256

    120a3f7c5906b8236786f219137f5340b61c56663f64388bb7a26b8b9fae5684

  • SHA512

    876ad149ca41bccd4323ecddef3f4f1a33021dc0bb45fa7b73003e5f8d22805cdf0e14a912abacd60e0f6c43cbca2ab468c4960344e13ee8a35cb5b72c4ae50f

  • SSDEEP

    12288:/plrVbDdQaqdS/ofraFErH8uB2Wm0SX/Nr5FU:RxRQ+Fucuvm0a/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-09_faa1fe020c5a9afa7e7052d6ea26cc05_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-09_faa1fe020c5a9afa7e7052d6ea26cc05_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3656
    • C:\Program Files\shipped\against.exe
      "C:\Program Files\shipped\against.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2028
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3940 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:520

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\shipped\against.exe
      Filesize

      421KB

      MD5

      f4ccd4a7d15f3b65d172ebe75328efc0

      SHA1

      8550ee90bd020eacf966ac50a330147fd33c2492

      SHA256

      c3a65aa43fd7a5fe55d0ddd27213bf6b05c40be99d90d30152b35acbb83ba60e

      SHA512

      5593288c5dc4900b35f7c20b1814e729620c495721bd7589d28c8833f717e382ca452916eeacf9d37bfebd9baf03fcf672a0a4b589fc78668a35c917a3ded6f1

      Download Submit

    • memory/2028-5-0x0000000000400000-0x0000000000573000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2028-7-0x0000000000400000-0x0000000000573000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3656-0-0x0000000000400000-0x0000000000573000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3656-6-0x0000000000400000-0x0000000000573000-memory.dmp

      Filesize

      1.4MB

      Download