04f88b941fc6683c9002ff0ced50d9f2c8a9d378ee4c8117e23559cac7b4646e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/04/2024, 21:07

Target

2024-04-24_8abd24649248c4c86c6f154b225dfcf4_icedid.exe
Size

392KB
MD5

8abd24649248c4c86c6f154b225dfcf4
SHA1

2be8117ccab94bb58e6b1515bc981bb4fca2024b
SHA256

04f88b941fc6683c9002ff0ced50d9f2c8a9d378ee4c8117e23559cac7b4646e
SHA512

7740563add97e1bc7efaafe394a4d9c8be6d9393c150cb1e39e6b375457f706a5e0f0896f3a39175d6e17e9d1c493bf1f7e5164b4df579d14dbf96c809ec0076
SSDEEP

12288:nplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:JxRQ+Fucuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1960	GetDXVer.exe

Loads dropped DLL 2 IoCs

pid	Process
2960	2024-04-24_8abd24649248c4c86c6f154b225dfcf4_icedid.exe
2960	2024-04-24_8abd24649248c4c86c6f154b225dfcf4_icedid.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Tool\GetDXVer.exe	2024-04-24_8abd24649248c4c86c6f154b225dfcf4_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 1960	2960	2024-04-24_8abd24649248c4c86c6f154b225dfcf4_icedid.exe	28
PID 2960 wrote to memory of 1960	2960	2024-04-24_8abd24649248c4c86c6f154b225dfcf4_icedid.exe	28
PID 2960 wrote to memory of 1960	2960	2024-04-24_8abd24649248c4c86c6f154b225dfcf4_icedid.exe	28
PID 2960 wrote to memory of 1960	2960	2024-04-24_8abd24649248c4c86c6f154b225dfcf4_icedid.exe	28

\Program Files\Tool\GetDXVer.exe

Filesize
392KB

MD5
dcc0e6da10c783a702ff17bd8f47b34a

SHA1
9945e525c3a429839e454be88a8f5a33d986c94c

SHA256
008562c90ad2144604ca32b38117a047dc97cff8324d3719a9c2de273f700534

SHA512
3b0f7977454f9d562fe1160a98c899eedb96b56c83c9f4eb15faea45ea8b967cc72bc1e1438c37a63df282a7c52d33aef40b8339ad3c15d92f5a50f259b49cfb

Download Submit