Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-05-2024 03:43

General

  • Target

    2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe

  • Size

    288KB

  • MD5

    08d2d3c5a9298a746179e0b4475e8ee7

  • SHA1

    9050a091b5c13104f29d5bb286b89e653efd2065

  • SHA256

    f17537d2110e90fb8d884f308b72b97973ebc1dcefc5a3abb138657d31c14914

  • SHA512

    fe816c3037b8bd99606b7b230250800e33d14c6f4d8525fb55e0db0947eb935978e6f4d6123d0e6fda735ec0223f681e65f86fd1dfe6dd92f286e1ac1bc076f2

  • SSDEEP

    3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Program Files\.exe
      "C:\Program Files\\.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:228
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 1028
      2⤵
      • Program crash
      PID:1020
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 1032
      2⤵
      • Program crash
      PID:4192
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 900 -ip 900
    1⤵
    PID:1236
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 900 -ip 900
      1⤵
      PID:2632

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Program Files\.exe
    Filesize

    289KB

    MD5

    245802cd68146fd7d0067e275dbefbaf

    SHA1

    18f90da06f5e3ec09fa35b45ff911457d97caafb

    SHA256

    0ed1bbcdbdf3751dc61cc16c329a2d963c5803b456b605d18f2289165c2a177a

    SHA512

    157b37dd3c117a2212f123347b640bb8de38be2ae376b1681ebd3b40759b1216899d39bec3d516f3a46d2ce81a97f7a5fef7bf761802d1ec7f5b5d3bd6c02f6a