Overview

overview

3

Static

static

3

2024-04-10...id.exe

windows7-x64

1

2024-04-10...id.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/04/2024, 19:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-10_7a87f1ce26fa5c12b1cafeabd2d1570e_icedid.exe

  • Size

    1.9MB

  • MD5

    7a87f1ce26fa5c12b1cafeabd2d1570e

  • SHA1

    25935a27c77734b6fe655eb1dd4158b6fa6ac568

  • SHA256

    e1a4edf408f248383a90d5c92bd5f3641986658f6cfe6a4892863e8f30d0ffa6

  • SHA512

    678c88316e985dc4160dec3d67b9c3c8915487c3bae19e803a5f58735a97f5c4f3503f7fe266db530d301a69a8ac3e532ee384af66d7b318fd549fbd7c12e7ee

  • SSDEEP

    49152:m6ikU0bnaT6VESGIJ20KcPYN2t+5pWNqxyyIq3xrpj8yNvY1R4P7HjC2KymhuXJV:jbLVEetDAN2tEpxyyIq3xrpj8yNvY1Ry

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: MapViewOfSection 12 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
      PID:1112
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1176
      • C:\Windows\Explorer.EXE
        C:\Windows\Explorer.EXE
        1⤵
          PID:1200
          • C:\Users\Admin\AppData\Local\Temp\2024-04-10_7a87f1ce26fa5c12b1cafeabd2d1570e_icedid.exe
            "C:\Users\Admin\AppData\Local\Temp\2024-04-10_7a87f1ce26fa5c12b1cafeabd2d1570e_icedid.exe"
            2⤵
            • Suspicious behavior: MapViewOfSection
            • Suspicious behavior: RenamesItself
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1412
        • C:\Windows\system32\Dwm.exe
          "C:\Windows\system32\Dwm.exe"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:828
          • C:\Windows\system32\WerFault.exe
            C:\Windows\system32\WerFault.exe -u -p 828 -s 348
            2⤵
              PID:1652
          • C:\Windows\system32\Dwm.exe
            "C:\Windows\system32\Dwm.exe"
            1⤵
              PID:2344

            Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • memory/1200-31-0x0000000002B40000-0x0000000002B41000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/1200-33-0x0000000002B40000-0x0000000002B41000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/1200-34-0x0000000001DA0000-0x0000000001DA2000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/1200-38-0x0000000001DA0000-0x0000000001DA2000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/1412-0-0x0000000000400000-0x00000000005CE000-memory.dmp

                    Filesize

                    1.8MB

                    Download

                  • memory/1412-4-0x0000000000400000-0x00000000005CE000-memory.dmp

                    Filesize

                    1.8MB

                    Download

                  • memory/1412-3-0x0000000000150000-0x0000000000152000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/1412-28-0x0000000000400000-0x00000000005CE000-memory.dmp

                    Filesize

                    1.8MB

                    Download

                  • memory/1412-39-0x0000000000400000-0x00000000005CE000-memory.dmp

                    Filesize

                    1.8MB

                    Download