Overview

overview

7

Static

static

3

2024-05-23...id.exe

windows7-x64

7

2024-05-23...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-23_3613a9e500aabe298013427c4f0d5bce_icedid.exe

  • Size

    585KB

  • MD5

    3613a9e500aabe298013427c4f0d5bce

  • SHA1

    1d0ea75b860abcb44bb7f33a7551d922eff84cca

  • SHA256

    c9d4b43ef20a05d1799e87092f4df81e3f5b5c55fe889a9ec4bd27c4ef2b009e

  • SHA512

    f15d22d704eda3cbb42f82ef502c9af4dbcee748d5826f0609d0fb38bc812dc8787737412c65ea40dd764df51aecdd66b329d414ef3aca7e4bc380c0a9ba09ba

  • SSDEEP

    12288:xplrVbDdQaqdS/RfraFE/H8uB2Wm0SXsNr5FU:DxR1+FCcuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-23_3613a9e500aabe298013427c4f0d5bce_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-23_3613a9e500aabe298013427c4f0d5bce_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1800
    • C:\Program Files\German\Italian.exe
      "C:\Program Files\German\Italian.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\German\Italian.exe
    Filesize

    585KB

    MD5

    ca0ecafb1467f1ae9c8cf025b4a7ba6a

    SHA1

    3bd62bed6c0c3321588ac84b3a058eef0afc184c

    SHA256

    c2df574c336dfbd2ae18023aa3797f5d54fc70e89c3561be1c941b1a55245467

    SHA512

    94f6458899a5fa6e2e25279b1ac21ba023825cad5426ff96f49dbe026fd514a504aafbf600f3db9084ce5099b29b5bf92a8328991682eeacefe24f8f788d109d

    Download Submit

  • memory/1800-0-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1800-9-0x00000000029F0000-0x0000000002B8F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1800-11-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2376-10-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2376-12-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download