Overview

overview

7

Static

static

3

2024-05-23...id.exe

windows7-x64

7

2024-05-23...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 00:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-23_6c3b11adf2d225977e12afcf21ca51f0_icedid.exe

  • Size

    587KB

  • MD5

    6c3b11adf2d225977e12afcf21ca51f0

  • SHA1

    a7aa4470f6ee8dfed1f7450fa323c75fe97fae7f

  • SHA256

    d4105efde7699316aad129c3122428e14ddce34550235b772d02b4d3b3d8d16f

  • SHA512

    5bc8b5662b86aa2637994308aebf32bcd8d451fac736d08473a406160975b22b213d18b330d80d406b72035598e8d6f09d38278c7e68e826961d785cc77cba9e

  • SSDEEP

    12288:bplrVbDdQaqdS/ofraFErH8uB2Wm0gXsNr5FU:NxRQ+Fucuvm0os

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-23_6c3b11adf2d225977e12afcf21ca51f0_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-23_6c3b11adf2d225977e12afcf21ca51f0_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1916
    • C:\Program Files\Dependency\released.exe
      "C:\Program Files\Dependency\released.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\Dependency\released.exe
    Filesize

    587KB

    MD5

    815b987f69ef7ab21ef2b1fad441a83b

    SHA1

    99ca751b58b6e36d9a360f7b49060a0c5191f806

    SHA256

    386792d9687b5910fd72d90b45df995c3d8d4560090cf8bfa7f9fc9f79fcbdaf

    SHA512

    ead351face20f5015e151a0ae411f55b3b049942b69aa57ab6394ce728e232e75bab4183738670b7a86e2d0dd5207113b6778ab8bdb0d2ad7d8cf3072b6d166d

    Download Submit
  • memory/1916-0-0x0000000000400000-0x000000000059F000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1916-9-0x0000000002950000-0x0000000002AEF000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1916-11-0x0000000000400000-0x000000000059F000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2404-10-0x0000000000400000-0x000000000059F000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2404-12-0x0000000000400000-0x000000000059F000-memory.dmp
    Filesize

    1.6MB

    Download