Overview

overview

7

Static

static

3

2024-04-15...id.exe

windows7-x64

7

2024-04-15...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/04/2024, 06:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-15_855b909a6492895248aafe96eac9ea87_icedid.exe

  • Size

    287KB

  • MD5

    855b909a6492895248aafe96eac9ea87

  • SHA1

    c2829f912477c6ac482aaa4f0b9e7c2be09dbc8a

  • SHA256

    59fbc6a799636a83a45ecdc801058fd97ae5951c3c6fc10dbf744e3fef9541c9

  • SHA512

    c5762c770752bcaa53ad75183d9485c562821e9246794cce147b88395e73e40d953a9996ac95304161c44f5f5c614d4be1ccda4cbfe2c652ce43e1f3266b461f

  • SSDEEP

    3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-15_855b909a6492895248aafe96eac9ea87_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-15_855b909a6492895248aafe96eac9ea87_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:692
    • C:\Program Files\thatcomes\withthe.exe
      "C:\Program Files\thatcomes\withthe.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4704
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 1036
      2⤵
      • Program crash
      PID:1876
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 1040
      2⤵
      • Program crash
      PID:5080
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 196 -p 692 -ip 692
    1⤵
      PID:856
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 692 -ip 692
      1⤵
        PID:2312

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files\thatcomes\withthe.exe
        Filesize

        287KB

        MD5

        c3b4603c1a5bf16b214cf61335cd0670

        SHA1

        987cc867de3e0d37a2b847a5c19411ae5fd0c2e8

        SHA256

        96d31cd9b84a5c42703cb56617c5a67c6abb291ed31c3b29338d9685eb31e667

        SHA512

        3ddadd760052e0406cc241dcad9942b7ce75cf5287080b65dbd985a3edd92bcb99c724c35ec6ec528d3d2423dfd0768d72217cdb6eeef5665a1230c33f0787f6

        Download Submit