Overview

overview

7

Static

static

3

2024-05-23...id.exe

windows7-x64

7

2024-05-23...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 00:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe

  • Size

    585KB

  • MD5

    e457b9999f121c0312fda4d09ffa16c1

  • SHA1

    e7d7e170546453ae7b72311de48b651b1f93b06e

  • SHA256

    e8988fc3769d87d790979fe15e70ab0e4f0770a64552300181660a683c35e3fb

  • SHA512

    bcb0cb37fea5de75c9faa4d7baf70988e4f2d8b4ba92f3c9edc6ab2f1f0def6544aa024442c29726221e58589a251a6064af1bfb4c39f20402f74eda561f1e60

  • SSDEEP

    12288:mplrVbDdQaqdS/RfraFE/H8uB2Wm0SXsNr5FU:CxR1+FCcuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-23_e457b9999f121c0312fda4d09ffa16c1_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3692
    • C:\Program Files\structure\locations.exe
      "C:\Program Files\structure\locations.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\structure\locations.exe
    Filesize

    585KB

    MD5

    b709e2c4a436965458ea5722190a4f85

    SHA1

    64108d611b815c0332285b6d52d3a619e4e6eea0

    SHA256

    c5e316db73a8d754a7f5f94cecc1c6e54e1b561ff8f797afc5b77044e4fb5ea1

    SHA512

    16cf4cc9765727116bac1ef2eb25c980636ec37d655023d5558491b9499d92ffe0f8908129dc3b923cca6a104fb67a404043669a4a11b45c3cc3bc3a847e2d5d

    Download Submit

  • memory/3692-0-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3692-5-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4572-6-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4572-7-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download