Overview

overview

7

Static

static

3

2024-04-27...id.exe

windows7-x64

7

2024-04-27...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    66s
  • max time network
    57s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-04-2024 10:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-27_437c7296f77310731a0cf819b84d80f3_icedid.exe

  • Size

    586KB

  • MD5

    437c7296f77310731a0cf819b84d80f3

  • SHA1

    712559537236328cc4d67e58778700577db85b26

  • SHA256

    de40f4d33a299945f315570f3b54fe033279682117e8b78afb834c855a86431d

  • SHA512

    c1292a6ec7afeeaa97c2e358f4b9c404b5a5e87963120ea21e439f9e56d100c0fe2327494d47b0d6f23d61c38b1f7173ca60200be778e0ab91cb53cfac74dbfd

  • SSDEEP

    12288:YplrVbDdQaqdS/ofraFErH8uB2Wm0gXsNr5FU:ExRQ+Fucuvm0os

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-27_437c7296f77310731a0cf819b84d80f3_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-27_437c7296f77310731a0cf819b84d80f3_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Program Files\Chinese\Traditional.exe
      "C:\Program Files\Chinese\Traditional.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Chinese\Traditional.exe
    Filesize

    586KB

    MD5

    09c9f62f68e297a6934132e249aaf291

    SHA1

    1543cc9d5a20731315bdb235b25000bebbbd2790

    SHA256

    6faa4e362f42a55082b08908bf823acf93528d890418ea67685a1c0c26157df4

    SHA512

    940e8924ad5378132280c6c59e4a77a9b2f94325ba7f949a103437184dee6616a2cbb77730a5e33107b932e32e5821d58a488ebab6f3d85a297fecc51b0889ba

    Download Submit

  • memory/2568-6-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2568-7-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2908-0-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2908-4-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download