Overview

overview

7

Static

static

3

2024-05-23...id.exe

windows7-x64

7

2024-05-23...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-23_3613a9e500aabe298013427c4f0d5bce_icedid.exe

  • Size

    585KB

  • MD5

    3613a9e500aabe298013427c4f0d5bce

  • SHA1

    1d0ea75b860abcb44bb7f33a7551d922eff84cca

  • SHA256

    c9d4b43ef20a05d1799e87092f4df81e3f5b5c55fe889a9ec4bd27c4ef2b009e

  • SHA512

    f15d22d704eda3cbb42f82ef502c9af4dbcee748d5826f0609d0fb38bc812dc8787737412c65ea40dd764df51aecdd66b329d414ef3aca7e4bc380c0a9ba09ba

  • SSDEEP

    12288:xplrVbDdQaqdS/RfraFE/H8uB2Wm0SXsNr5FU:DxR1+FCcuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-23_3613a9e500aabe298013427c4f0d5bce_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-23_3613a9e500aabe298013427c4f0d5bce_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1916
    • C:\Program Files\Italian\Japanese.exe
      "C:\Program Files\Italian\Japanese.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2784
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3852,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:8
    1⤵
      PID:4768

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Italian\Japanese.exe
      Filesize

      585KB

      MD5

      1c89ae781e17f7e647acdbf8ac826d39

      SHA1

      c9645c5d48b39200ce86f8f80f63e8f83c3e46c3

      SHA256

      07cc47775245dfe7c547ebbdc4772a71d9dd7ca714a178990b5bef192069b889

      SHA512

      8d45e3d543f013825317639f871068de2e3889ab14287f887790f775b8125db37b8f3f50c3ae815697dd10019ad681e5da094941dc47ab4818acc5a0815e6508

      Download Submit

    • memory/1916-0-0x0000000000400000-0x000000000059F000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1916-5-0x0000000000400000-0x000000000059F000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2784-6-0x0000000000400000-0x000000000059F000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2784-7-0x0000000000400000-0x000000000059F000-memory.dmp

      Filesize

      1.6MB

      Download