Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
21-05-2024 03:44
General
-
Target
2024-05-21_d952bdd92199bfe125e60af01e3f8e79_icedid.exe
-
Size
325KB
-
MD5
d952bdd92199bfe125e60af01e3f8e79
-
SHA1
dd06fbb813235fd58d948796a4d8427b57bb28d6
-
SHA256
1daca0109bf32eb248dd2f6076c095b4dc916bde4561e81beb0600c8cfa6ebf6
-
SHA512
904cdcbb65bb913eed6d477fff89b527caf4625d7a283fea296bea1b298c3c5fcd25c1bceed7050a51de3fbed02d85e3cb8d68b0b737fe7b48386a4834ab17f5
-
SSDEEP
3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-21_d952bdd92199bfe125e60af01e3f8e79_icedid.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-21_d952bdd92199bfe125e60af01e3f8e79_icedid.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\choices\silently.exe"C:\Program Files\choices\silently.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
325KB
MD589fb173112c6ab90d81376004f442c4c
SHA1387987e7bdd824c742675de3a9366a0c05c05f9e
SHA256c38bb6e6dc6e3a279c2e1cee236946843cef081a79dd1c8a083d58303b73e67e
SHA512059e03319fd4ee1d0b713522f018288f15b280750c527421284db377dfc79ad27ac0b53602e7d0e99f7a15fcf036302b503fb6fcc6944086fac6a6b6e80a7ab5