Overview

overview

7

Static

static

3

2024-05-25...id.exe

windows7-x64

7

2024-05-25...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-05-2024 08:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe

  • Size

    586KB

  • MD5

    1c899fdcbad3f8f970ff64397b63f937

  • SHA1

    9c8507aca1c1d56f1387734d361f763f5d444fcf

  • SHA256

    22737c308e140c9a27d512eb22387aaed27191daff4b7821683d3a57920a4411

  • SHA512

    f3bb7b2e670f1436de9a82e34f5ed5033cb204ea10887601f52219a9806c41e85a799aaae06e25db021d7eaa78fe7ece623ebddec12913db6aa5184b6a2c4fe8

  • SSDEEP

    12288:pplrVbDdQaqdS/ofraFErH8uB2Wm0gXsNr5FU:rxRQ+Fucuvm0os

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-25_1c899fdcbad3f8f970ff64397b63f937_icedid.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Program Files\redistribution\purposes.exe
      "C:\Program Files\redistribution\purposes.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\redistribution\purposes.exe
    Filesize

    587KB

    MD5

    50c202fb495644a02329c98a7abd8afd

    SHA1

    266f28209367e0e35f245c356a99bb80c49e7249

    SHA256

    ff1524712050f81904d3715612c05d00eb9ab619f1ce6c36648843a258b9d725

    SHA512

    6d2ec4b27b52f8777460c76d36bf0a56231e6c33e5c0d1fe30466d0ff0c3d82ac22402aa2e60ac3431f0800b46d86fe9a64b9c742e71113fe823c773d31b7899

    Download Submit

  • memory/2980-0-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2980-5-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4528-6-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4528-7-0x0000000000400000-0x000000000059F000-memory.dmp

    Filesize

    1.6MB

    Download