78546311cb3ef7622f6f1c7c66e2e8c0f95b7f37081d12f11adf5f5d4dbbb532

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 07:52

Target

2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe
Size

390KB
MD5

dbbf4fd1b98e12c724b05e13db11bb64
SHA1

474253119ef1771f696ef631b9172ac84016b145
SHA256

78546311cb3ef7622f6f1c7c66e2e8c0f95b7f37081d12f11adf5f5d4dbbb532
SHA512

9a7d2e502cdf94628866d5abd1ada198984b5ff55830aaacd4f0bd3eabf4557a0717a92d34c5d3927b5388c09578d042c4bf3ba578594ffe6217b3df5ba8d2bb
SSDEEP

12288:KplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:mxRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2516	Trip.exe

Loads dropped DLL 2 IoCs

pid	Process
2244	2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe
2244	2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Publishers\Trip.exe	2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2516	2244	2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe	28
PID 2244 wrote to memory of 2516	2244	2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe	28
PID 2244 wrote to memory of 2516	2244	2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe	28
PID 2244 wrote to memory of 2516	2244	2024-04-11_dbbf4fd1b98e12c724b05e13db11bb64_icedid.exe	28

\Program Files\Publishers\Trip.exe

Filesize
391KB

MD5
f68af327a9410f6a50de0c761a6a7cfc

SHA1
ed326581c535eb3cd418791868b177808d7c3b98

SHA256
08d158e84ddef95b7d116ad54707f5192f938d9dff0f9ab1bc6fdfee39f5c820

SHA512
23a9d4278180b5e684fa867bf4e456ac95ad6c45a221c0765064a103b5de7017d04ae170c0261187d6569f657e0cfbd8ef59d2561c4df73138398394581da3b9

Download Submit