Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 01:01

General

  • Target

    2024-05-23_fefe9118ac096b5300fbf413ebd47ce2_icedid.exe

  • Size

    289KB

  • MD5

    fefe9118ac096b5300fbf413ebd47ce2

  • SHA1

    5c290118ebea9124b6bb0538860d97649060f294

  • SHA256

    0796bc3b492e5ae388f842b73dfc36a68c0b482d4347cf0448db13f91e6bedbb

  • SHA512

    00af6bf8ee84179fedac27e3cd89c2821460afddf8236de93e65f9ec33c347ef8baa48cfd0092ab84b3b9bb829e0279c5b5c7e09bb9f56c723432b04cf6c0b2e

  • SSDEEP

    3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-23_fefe9118ac096b5300fbf413ebd47ce2_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-23_fefe9118ac096b5300fbf413ebd47ce2_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3292
    • C:\Program Files\having\towrite.exe
      "C:\Program Files\having\towrite.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3744
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 972
      2⤵
      • Program crash
      PID:5012
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 1032
      2⤵
      • Program crash
      PID:1736
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3292 -ip 3292
    1⤵
      PID:3496
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3292 -ip 3292
      1⤵
        PID:4396
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3740 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:332

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\having\towrite.exe

          Filesize

          289KB

          MD5

          eb5f22ed7e35af7264c7ea746a639953

          SHA1

          10ab82b6e2eefc87fd5d2d10f04728d93b957cfe

          SHA256

          9757924b64f5647ceabd53d2cf045924b9732f313f510124335fe462f601d46e

          SHA512

          a2b03cd8cb52a7da45b773e622db801d6d1e772bb5db29b6f145fdd681051495eb794d1b39197daa4c23d3ae777dbee6a8687123960079cb4668e7fc5b96ab4c