e8988fc3769d87d790979fe15e70ab0e4f0770a64552300181660a683c35e3fb

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:57

Target

2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe
Size

585KB
MD5

e457b9999f121c0312fda4d09ffa16c1
SHA1

e7d7e170546453ae7b72311de48b651b1f93b06e
SHA256

e8988fc3769d87d790979fe15e70ab0e4f0770a64552300181660a683c35e3fb
SHA512

bcb0cb37fea5de75c9faa4d7baf70988e4f2d8b4ba92f3c9edc6ab2f1f0def6544aa024442c29726221e58589a251a6064af1bfb4c39f20402f74eda561f1e60
SSDEEP

12288:mplrVbDdQaqdS/RfraFE/H8uB2Wm0SXsNr5FU:CxR1+FCcuvm0as

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

Dsetup2.exe

pid process

3044 Dsetup2.exe
Loads dropped DLL 4 IoCs

Processes:

2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exeDsetup2.exe

pid process

2416 2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe
3044 Dsetup2.exe
3044 Dsetup2.exe
3044 Dsetup2.exe
Drops file in Program Files directory 1 IoCs

Processes:

2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe

description ioc process

File created C:\Program Files\Dsetup1\Dsetup2.exe 2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe

pid	process
3044	Dsetup2.exe

description	ioc	process
File created	C:\Program Files\Dsetup1\Dsetup2.exe	2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exeDsetup2.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe

description	pid	process	target process
PID 2416 wrote to memory of 3044	2416	2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe	Dsetup2.exe
PID 2416 wrote to memory of 3044	2416	2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe	Dsetup2.exe
PID 2416 wrote to memory of 3044	2416	2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe	Dsetup2.exe
PID 2416 wrote to memory of 3044	2416	2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe	Dsetup2.exe
PID 2416 wrote to memory of 3044	2416	2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe	Dsetup2.exe
PID 2416 wrote to memory of 3044	2416	2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe	Dsetup2.exe
PID 2416 wrote to memory of 3044	2416	2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe	Dsetup2.exe

\Program Files\Dsetup1\Dsetup2.exe
Filesize
585KB

MD5
3a660d05959cede1cd73837bdc1ba996

SHA1
ceaa9527b68e4568682ba9517dc5bda9858a9bce

SHA256
0bd0a86f3e2c5bd97c8ad9d76c30a15596f44ae406caa5133da891bd53c6e03c

SHA512
cdf389f398e57e2ba5696b74419a65b0fe65efc9f04678392b4c39e5c68116280027106b37479bb7efe0ec4a7d623c216dad1092d9a07fdb4079031bffc06fd5

Download Submit
memory/2416-0-0x0000000000400000-0x000000000059F000-memory.dmp

Filesize
1.6MB

Download
memory/2416-12-0x0000000000400000-0x000000000059F000-memory.dmp

Filesize
1.6MB

Download
memory/2416-10-0x0000000002A90000-0x0000000002C2F000-memory.dmp

Filesize
1.6MB

Download
memory/3044-11-0x0000000000400000-0x000000000059F000-memory.dmp

Filesize
1.6MB

Download
memory/3044-13-0x0000000000990000-0x0000000000B2F000-memory.dmp

Filesize
1.6MB

Download
memory/3044-14-0x0000000000400000-0x000000000059F000-memory.dmp

Filesize
1.6MB

Download