Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 03:43

Static task: static1

Behavioral task: behavioral1
- Sample: 2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe
- Resource: win7-20240220-en

Behavioral task: behavioral2
- Sample: 2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe
- Resource: win10v2004-20240508-en
General
- Target: 2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe
- Size: 288KB
- MD5: 08d2d3c5a9298a746179e0b4475e8ee7
- SHA1: 9050a091b5c13104f29d5bb286b89e653efd2065
- SHA256: f17537d2110e90fb8d884f308b72b97973ebc1dcefc5a3abb138657d31c14914
- SHA512: fe816c3037b8bd99606b7b230250800e33d14c6f4d8525fb55e0db0947eb935978e6f4d6123d0e6fda735ec0223f681e65f86fd1dfe6dd92f286e1ac1bc076f2
- SSDEEP: 3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 228   process .exe

- Drops file in Program Files directory (2 IoCs)
  File created                  C:\Program Files\.exe   process 2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe
  File opened for modification  C:\Program Files\.exe   process 2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe

- Program crash (2 IoCs)
  pid 1020  pid_target 900   process WerFault.exe   target process 2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe
  pid 4192  pid_target 900   process WerFault.exe   target process 2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe

- Suspicious use of SetWindowsHookEx (8 IoCs)
  pid 900   process 2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe   (4 entries)
  pid 228   process .exe                                                      (4 entries)

- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 900 wrote to memory of 228   process 2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe   target process .exe   (3 entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe  (PID 900)
  "C:\Users\Admin\AppData\Local\Temp\2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe"
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\.exe  (PID 228)
    "C:\Program Files\\.exe" "33201"
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 1028
    - Program crash
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 1032
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 900 -ip 900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 900 -ip 900
Network
MITRE ATT&CK Matrix
Downloads
- C:\Program Files\.exe
  Filesize: 289KB
  MD5: 245802cd68146fd7d0067e275dbefbaf
  SHA1: 18f90da06f5e3ec09fa35b45ff911457d97caafb
  SHA256: 0ed1bbcdbdf3751dc61cc16c329a2d963c5803b456b605d18f2289165c2a177a
  SHA512: 157b37dd3c117a2212f123347b640bb8de38be2ae376b1681ebd3b40759b1216899d39bec3d516f3a46d2ce81a97f7a5fef7bf761802d1ec7f5b5d3bd6c02f6a
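The signatures and process tree above describe a short chain: the sample running from the user's Temp directory writes an executable named literally `.exe` directly under C:\Program Files, launches it with a single numeric argument ("33201"), writes into that child's memory, and is then crashed twice (WerFault -p 900). The dropped copy is not byte-identical to the submitted sample (289KB vs 288KB, different hashes), so matching only the parent's hash would miss the child. As an added example that is not part of this report or of the sandbox's tooling, the Python below turns those observations into detection rules and runs them over constructed Sysmon-style events (field names follow Event ID 11 FileCreate and Event ID 1 ProcessCreate for illustration; the event records, including the benign msiexec install, are assumptions and not log data from the report). The two SHA-256 values are the ones on this page.

```python
import re
from pathlib import PureWindowsPath

# SHA-256 IoCs copied from this report: the submitted sample and the copy it
# wrote to C:\Program Files\.exe (they differ: 288KB vs 289KB).
REPORT_SHA256 = {
    "f17537d2110e90fb8d884f308b72b97973ebc1dcefc5a3abb138657d31c14914": "submitted sample",
    "0ed1bbcdbdf3751dc61cc16c329a2d963c5803b456b605d18f2289165c2a177a": "dropped C:\\Program Files\\.exe",
}

PROGRAM_FILES = ("c:\\program files", "c:\\program files (x86)")
TEMP_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
ARG_RE = re.compile(r'"([^"]*)"|(\S+)')

# Constructed Sysmon-style events (assumption: NOT taken from the report's logs).
# Fields mirror Event ID 11 (FileCreate) and Event ID 1 (ProcessCreate).
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-05-22_08d2d3c5a9298a746179e0b4475e8ee7_icedid.exe"
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"
EVENTS = [
    {"id": 11, "pid": 900, "image": SAMPLE, "target": r"C:\Program Files\.exe"},
    {"id": 1, "pid": 228, "ppid": 900, "image": r"C:\Program Files\.exe",
     "cmdline": r'"C:\Program Files\\.exe" "33201"', "parent_image": SAMPLE,
     "hashes": "SHA256=0ed1bbcdbdf3751dc61cc16c329a2d963c5803b456b605d18f2289165c2a177a"},
    {"id": 1, "pid": 1020, "ppid": 900, "image": WERFAULT,
     "cmdline": WERFAULT + " -u -p 900 -s 1028", "parent_image": SAMPLE, "hashes": ""},
    {"id": 1, "pid": 4192, "ppid": 900, "image": WERFAULT,
     "cmdline": WERFAULT + " -u -p 900 -s 1032", "parent_image": SAMPLE, "hashes": ""},
    # Benign installer activity that must not fire (also constructed).
    {"id": 11, "pid": 4000, "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"C:\Program Files\Vendor\app.exe"},
    {"id": 1, "pid": 4100, "ppid": 4000, "image": r"C:\Program Files\Vendor\app.exe",
     "cmdline": r'"C:\Program Files\Vendor\app.exe"',
     "parent_image": r"C:\Windows\System32\msiexec.exe", "hashes": "SHA256=" + "0" * 64},
]


def split_cmdline(cmdline):
    """Split a Windows command line into arguments, honouring double quotes."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in ARG_RE.finditer(cmdline)]


def is_hidden_exe_in_program_files(path):
    """True for a file directly under Program Files whose whole name is just an
    extension, e.g. C:\\Program Files\\.exe (what this sample dropped)."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    return (str(p.parent).lower() in PROGRAM_FILES
            and name.startswith(".") and name.endswith(".exe"))


def werfault_target_pid(cmdline):
    """Return the PID named by WerFault's -p switch, or None for other images."""
    args = split_cmdline(cmdline)
    if not args or PureWindowsPath(args[0]).name.lower() != "werfault.exe":
        return None
    for flag, value in zip(args, args[1:]):
        if flag == "-p" and value.isdigit():
            return int(value)
    return None


def hash_hits(hashes_field):
    """Match the SHA256= token of a Sysmon Hashes field against the report IoCs."""
    for token in hashes_field.split(","):
        algo, _, value = token.partition("=")
        if algo.strip().upper() == "SHA256":
            return REPORT_SHA256.get(value.strip().lower())
    return None


def analyze(events):
    """Run the rules in event order; returns (rule, pid, detail) tuples.
    PIDs that trip a rule are remembered so later WerFault crashes of them
    are tied back to the chain rather than lost as generic app crashes."""
    alerts, flagged = [], set()
    for ev in events:
        if ev["id"] == 11 and is_hidden_exe_in_program_files(ev["target"]):
            alerts.append(("file_drop_program_files_dot_exe", ev["pid"], ev["target"]))
            flagged.add(ev["pid"])
        elif ev["id"] == 1:
            ioc = hash_hits(ev.get("hashes", ""))
            if ioc:
                alerts.append(("sha256_ioc_match", ev["pid"], ioc))
                flagged.add(ev["pid"])
            args = split_cmdline(ev.get("cmdline", ""))
            if (is_hidden_exe_in_program_files(ev["image"])
                    and TEMP_RE.match(ev.get("parent_image", ""))
                    and any(a.isdigit() for a in args[1:])):
                alerts.append(("temp_parent_spawns_dot_exe_with_numeric_arg",
                               ev["pid"], ev["cmdline"]))
                flagged.add(ev["pid"])
            target = werfault_target_pid(ev.get("cmdline", ""))
            if target in flagged:
                alerts.append(("werfault_crash_of_flagged_process", target, ev["cmdline"]))
    return alerts


if __name__ == "__main__":
    for rule, pid, detail in analyze(EVENTS):
        print(f"{rule:45s} pid={pid:<5d} {detail}")
```

The crash correlation matters here because the report shows WerFault targeting PID 900 twice; on a real host those two events would be indistinguishable from any other application crash unless the analyst already has a reason to care about that PID. The numeric-argument check is deliberately loose (any all-digit argument), since the value "33201" seen in this run is unlikely to be stable across samples.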