Overview

overview

7

Static

static

3

2024-04-17...id.exe

windows7-x64

7

2024-04-17...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 21:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-17_5af9110e7bc40ee9813873a0698d722d_icedid.exe

  • Size

    422KB

  • MD5

    5af9110e7bc40ee9813873a0698d722d

  • SHA1

    d591f36bbb87e01711e1f1598a08d8570cdb9667

  • SHA256

    7feabbdc6f1cfa128654b5d134b3ced7750514040263f5c332d2e00e0f3e8aad

  • SHA512

    cdfc78368aa1b4b2dff65320a638388096d3591cf87738ad048e98a694185efec982e84ad42f5e6c39270912f990e6ab5c5a9fb99e843947ceb40829f9bd557c

  • SSDEEP

    12288:xplrVbDdQaqdS/ofraFErH8uB2Wm0SX/Nr5FU:DxRQ+Fucuvm0a/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-17_5af9110e7bc40ee9813873a0698d722d_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-17_5af9110e7bc40ee9813873a0698d722d_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Program Files\agreement\progress.exe
      "C:\Program Files\agreement\progress.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\agreement\progress.exe
    Filesize

    422KB

    MD5

    4ac8e5ea1541b469d878bd96c784a408

    SHA1

    f1c3bc3b7c597adfd02bbd2fb46ec364ee9a1ae0

    SHA256

    20f3e0522d388f2b6b3b163c799ee10518412e32812bac171aa476fd85ca0cfe

    SHA512

    0376a61d51a9b6e89e337b5a1d832268a0540c7bf99f5bff82d87a25104b62bc329ae1341cf10ab90eec18aa00722af8802747407b62f6bd7b0de1f1c871e170

    Download Submit

  • memory/1964-0-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1964-5-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/4048-4-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/4048-7-0x0000000000400000-0x0000000000573000-memory.dmp

    Filesize

    1.4MB

    Download