9007dd78b55dc8af009a15d87516a10c7413d1b2ca5a04e4a806c435cd2f25cc

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 21:39

Target

2024-04-10_85a77b080593db80de54f8dd04a3fc8d_icedid.exe
Size

274KB
MD5

85a77b080593db80de54f8dd04a3fc8d
SHA1

1151226b19d125d04431eede580eece57fb0c484
SHA256

9007dd78b55dc8af009a15d87516a10c7413d1b2ca5a04e4a806c435cd2f25cc
SHA512

66d462df112f5048e6ec3aeb70fc61a8e62158976db8de99c0d0d526f770d14ebd67eb9ddb7e6364d74efa22e9cad5b9748072f7550003d5f7ce819da5473f6c
SSDEEP

3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1868	Kaufmann.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Morgan\Kaufmann.exe	2024-04-10_85a77b080593db80de54f8dd04a3fc8d_icedid.exe
File opened for modification	C:\Program Files\Morgan\Kaufmann.exe	2024-04-10_85a77b080593db80de54f8dd04a3fc8d_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4368 wrote to memory of 1868	4368	2024-04-10_85a77b080593db80de54f8dd04a3fc8d_icedid.exe	84
PID 4368 wrote to memory of 1868	4368	2024-04-10_85a77b080593db80de54f8dd04a3fc8d_icedid.exe	84
PID 4368 wrote to memory of 1868	4368	2024-04-10_85a77b080593db80de54f8dd04a3fc8d_icedid.exe	84

C:\Program Files\Morgan\Kaufmann.exe

Filesize
274KB

MD5
636b7798d5636d8eeaed53e5c5b87d56

SHA1
55c95df892efe9d49d4e8bd4033a76621ec60ed6

SHA256
70294111d139f543b139bb06d0e8317c1b017e69d4cede0d6774085fba5b6fcd

SHA512
b0dd3093a4c35eece312481ffac1340c76fbfc54fd8c1715dff979f6cc809fcc1db2422fb311b7b89a226e9943cce9f4a7d465df850b2b99a4b4442f2cb35376

Download Submit