Overview

overview

7

Static

static

3

2024-04-29...id.exe

windows7-x64

7

2024-04-29...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    29/04/2024, 09:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-29_c8914371fb5d7a746d1cddfd20ad94c2_icedid.exe

  • Size

    585KB

  • MD5

    c8914371fb5d7a746d1cddfd20ad94c2

  • SHA1

    ecfa98112fc4b9929310bb8317cb7ebd257f9cf8

  • SHA256

    9ff97d9e4a706a5753426f1174c6fc86988196806f7b587831ff449ac208f7e9

  • SHA512

    987615f709954e3479399d09af97d19930922147a5da9284f139ad164e9012f9fa6046a81750250a4b127f4a721ed2195aac30661dcb1686f8d122352f1777bf

  • SSDEEP

    12288:WplrVbDdQaqdS/RfraFE/H8uB2Wm0SXsNr5FU:yxR1+FCcuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-29_c8914371fb5d7a746d1cddfd20ad94c2_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-29_c8914371fb5d7a746d1cddfd20ad94c2_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Program Files\components\existing.exe
      "C:\Program Files\components\existing.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\components\existing.exe
    Filesize

    585KB

    MD5

    c2c2bdb3574e38a9e8de1226d7895355

    SHA1

    0ee10d2b343a8997254be08e5707b807e7f398b1

    SHA256

    51c420feb2e33326d3fa1e0ea1d3ef59cc68f6ba604889394b6087bd429cc612

    SHA512

    d9631f1d7c2929671dcc6ecdddbe2338c2c0f9dd6e7c4fb28a4e1dd0b4f4135fff94747c2272a53b8c5603ea1a40efaea2b52052944a69ab1bf2e6e835746b27

    Download Submit

  • memory/2968-0-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2968-9-0x0000000002A90000-0x0000000002C2F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2968-11-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2992-10-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2992-12-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download