Overview

overview

7

Static

static

3

2024-04-15...id.exe

windows7-x64

7

2024-04-15...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/04/2024, 23:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-15_1ffc76c6f52e1e4237b16f640e964930_icedid.exe

  • Size

    420KB

  • MD5

    1ffc76c6f52e1e4237b16f640e964930

  • SHA1

    f2a77e6693ab756d141fa871921c6767c526ac92

  • SHA256

    1921dcbe0bb0df618125a1f800e947dc379749ad4e1b7cb6aa0db34392e0c2ba

  • SHA512

    b7a6385c0bf58c00f9b74d201c67924e20e0459eeff2aa817e32e735aab9aabc8002d95a8553bea39aa7e6949fc27566a51e146ad88efd21480015fdba6cb359

  • SSDEEP

    12288:uplrVbDdQaqdS/ofraFErH8uB2Wm0SX/Nr5FU:axRQ+Fucuvm0a/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-15_1ffc76c6f52e1e4237b16f640e964930_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-15_1ffc76c6f52e1e4237b16f640e964930_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Program Files\American\French.exe
      "C:\Program Files\American\French.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\American\French.exe
    Filesize

    420KB

    MD5

    57be3413771d887bb70579e83fd1ee3a

    SHA1

    42bd840307d55f282cadb41646fbfc7a0bf95ad5

    SHA256

    7933f21c4bed74fe31ce02cb9b8f8dd38d2d5eda392a8b709a5c4aa6846beb03

    SHA512

    6a8045454899cc6980ddefb6da5635cd4cf58c0b483b8bdb0235aad6d51cf573b65ea23a707aac9515d2dcb3b8fc175dcf28d51de8be4c494d93e8970f08d03b

    Download Submit

  • memory/1792-11-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1792-12-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1976-0-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1976-10-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1976-8-0x00000000026E0000-0x0000000002853000-memory.dmp

    Filesize

    1.4MB

    Download