Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/04/2024, 01:24

General

  • Target

    2024-04-17_22ef186505a1a814bd746ab29f6b2a92_icedid.exe

  • Size

    286KB

  • MD5

    22ef186505a1a814bd746ab29f6b2a92

  • SHA1

    6e6bf8682b4374aa8ee20b526307de5fd3ce33a2

  • SHA256

    25755ce42e300e01c3bb6b7b7902bed4aca82e0f72ca90750168d8dabad51b7d

  • SHA512

    995f8715b5bc9ff8771d3ffcff863be1e37751fd0561dc57052a702520253994a451aa32c3f789cfd61b66aafa0cef0f3520e5b97e4727f44fb5f3737d3fb84b

  • SSDEEP

    3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-17_22ef186505a1a814bd746ab29f6b2a92_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-17_22ef186505a1a814bd746ab29f6b2a92_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Program Files\entirely\Typically.exe
      "C:\Program Files\entirely\Typically.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:832
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 1020
      2⤵
      • Program crash
      PID:388
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 1036
      2⤵
      • Program crash
      PID:4368
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1960 -ip 1960
    1⤵
      PID:2684
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1960 -ip 1960
      1⤵
        PID:740

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Program Files\entirely\Typically.exe

    Filesize
    286KB

    MD5
    f5e599bff6c217db2f8a952a4a0373fa

    SHA1
    e834c75a689e7657c105e685af386173ba283f0b

    SHA256
    b092a391045e76930a29e848179c3c7df3ad1dc268d626b62495b8ed6beb0424

    SHA512
    18236835779836c4ff6921aaf7952254ffd4188a674676f833df411f9dfb6ff16c7cfed884cd50f1086516b850fabf21ed6e6a702864199153b3845146ab07ec
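The process tree and the Downloads entry above give an analyst three things to hunt for: the two SHA256 values (the dropped Typically.exe is the same 286KB as the submitted sample but hashes differently, so both are needed), the behaviour of a Temp-resident parent launching a freshly written Program Files binary with a bare numeric argument ("33201"), and the WerFault.exe invocations whose -p argument ties the crash reports back to PID 1960. The script below is an added example, not part of the sandbox report or of the analysed sample: it runs those three checks over constructed Sysmon-style process-creation records that mirror the report's tree. The PIDs, images, command lines and the two file hashes are the report's; the ppid values 5000/5001 for the unshown parents, the empty hashes on the WerFault records and the final benign control record are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Indicators copied from the report above.
SAMPLE_SHA256 = "25755ce42e300e01c3bb6b7b7902bed4aca82e0f72ca90750168d8dabad51b7d"
DROPPED_SHA256 = "b092a391045e76930a29e848179c3c7df3ad1dc268d626b62495b8ed6beb0424"
KNOWN_HASHES = {
    SAMPLE_SHA256: "submitted icedid.exe",
    DROPPED_SHA256: r"dropped C:\Program Files\entirely\Typically.exe",
}


@dataclass
class ProcEvent:
    """Minimal Sysmon Event ID 1 style process-creation record."""
    pid: int
    ppid: int
    image: str
    cmdline: str
    sha256: str = ""


TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TEMP + r"\2024-04-17_22ef186505a1a814bd746ab29f6b2a92_icedid.exe"
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"

# Constructed records mirroring the report's process tree. The ppid values
# 5000/5001 (parents the report does not show) and the last, benign record
# are assumed; everything else is taken from the report.
EVENTS = [
    ProcEvent(1960, 5000, SAMPLE, f'"{SAMPLE}"', SAMPLE_SHA256),
    ProcEvent(832, 1960, r"C:\Program Files\entirely\Typically.exe",
              r'"C:\Program Files\entirely\Typically.exe" "33201"', DROPPED_SHA256),
    ProcEvent(388, 1960, WERFAULT, WERFAULT + " -u -p 1960 -s 1020"),
    ProcEvent(4368, 1960, WERFAULT, WERFAULT + " -u -p 1960 -s 1036"),
    ProcEvent(2684, 5001, WERFAULT, WERFAULT + " -pss -s 452 -p 1960 -ip 1960"),
    ProcEvent(740, 5001, WERFAULT, WERFAULT + " -pss -s 432 -p 1960 -ip 1960"),
    # Benign control (assumed): a Program Files binary with a non-numeric argument.
    ProcEvent(7000, 5000, r"C:\Program Files\Vendor\setup.exe",
              r'"C:\Program Files\Vendor\setup.exe" /silent', "00" * 32),
]


def hash_hits(events: List[ProcEvent]) -> Dict[int, str]:
    """Exact-match hunt on the SHA256 values the report records."""
    return {e.pid: KNOWN_HASHES[e.sha256.lower()]
            for e in events if e.sha256.lower() in KNOWN_HASHES}


# "<image>.exe" followed by exactly one bare-number argument, e.g. "33201".
NUMERIC_ONLY_ARG = re.compile(r'^"?[^"]+\.exe"?\s+"?\d+"?\s*$', re.IGNORECASE)


def dropped_exe_launches(events: List[ProcEvent]) -> List[int]:
    """Behavioural form of the Executes-dropped-EXE signature: a process under
    Program Files, started by a parent running from a user's Temp directory,
    whose only argument is a number."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue
        if (e.image.lower().startswith("c:\\program files\\")
                and "\\appdata\\local\\temp\\" in parent.image.lower()
                and NUMERIC_ONLY_ARG.match(e.cmdline)):
            hits.append(e.pid)
    return hits


# WerFault's -p <pid> names the crashed process; -pss and -ip do not match this.
CRASHED_PID = re.compile(r"-p\s+(\d+)")


def crash_reports_for(events: List[ProcEvent], pids: Set[int]) -> Dict[int, List[int]]:
    """Corroborate the Program-crash signature: WerFault.exe launches whose
    -p argument names one of the flagged PIDs, keyed by crashed PID."""
    out: Dict[int, List[int]] = {}
    for e in events:
        if not e.image.lower().endswith("\\werfault.exe"):
            continue
        m = CRASHED_PID.search(e.cmdline)
        if m and int(m.group(1)) in pids:
            out.setdefault(int(m.group(1)), []).append(e.pid)
    return out


def triage(events: List[ProcEvent]) -> dict:
    """Run all three checks and tie the WerFault evidence to the suspects."""
    by_pid = {e.pid: e for e in events}
    hashes = hash_hits(events)
    launches = dropped_exe_launches(events)
    suspects = set(hashes) | set(launches) | {by_pid[p].ppid for p in launches}
    return {"hash_hits": hashes, "dropped_launches": launches,
            "crashes": crash_reports_for(events, suspects)}


if __name__ == "__main__":
    for key, value in triage(EVENTS).items():
        print(f"{key}: {value}")
```

The behavioural rule is deliberately narrower than "anything run from Program Files": it requires the Temp-resident parent and the numeric-only argument seen in the tree, so the setup.exe control with a /silent switch is not flagged. The hash check will only ever find this exact build, so in practice the two are run together, with the WerFault correlation used to confirm that the flagged parent is the process that crashed rather than an unrelated report.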