Analysis
-
max time kernel
133s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
25-05-2024 08:25
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe
Resource
win10v2004-20240426-en
General
-
Target
2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe
-
Size
586KB
-
MD5
1c899fdcbad3f8f970ff64397b63f937
-
SHA1
9c8507aca1c1d56f1387734d361f763f5d444fcf
-
SHA256
22737c308e140c9a27d512eb22387aaed27191daff4b7821683d3a57920a4411
-
SHA512
f3bb7b2e670f1436de9a82e34f5ed5033cb204ea10887601f52219a9806c41e85a799aaae06e25db021d7eaa78fe7ece623ebddec12913db6aa5184b6a2c4fe8
-
SSDEEP
12288:pplrVbDdQaqdS/ofraFErH8uB2Wm0gXsNr5FU:rxRQ+Fucuvm0os
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 4528 purposes.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\Program Files\redistribution\purposes.exe 2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 2980 2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe 2980 2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe 2980 2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe 2980 2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe 4528 purposes.exe 4528 purposes.exe 4528 purposes.exe 4528 purposes.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2980 wrote to memory of 4528 2980 2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe 82 PID 2980 wrote to memory of 4528 2980 2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe 82 PID 2980 wrote to memory of 4528 2980 2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe 82
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980 -
C:\Program Files\redistribution\purposes.exe"C:\Program Files\redistribution\purposes.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4528
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
587KB
MD550c202fb495644a02329c98a7abd8afd
SHA1266f28209367e0e35f245c356a99bb80c49e7249
SHA256ff1524712050f81904d3715612c05d00eb9ab619f1ce6c36648843a258b9d725
SHA5126d2ec4b27b52f8777460c76d36bf0a56231e6c33e5c0d1fe30466d0ff0c3d82ac22402aa2e60ac3431f0800b46d86fe9a64b9c742e71113fe823c773d31b7899