Analysis

max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 25/05/2024, 13:05
Tasks

Static task: static1

Behavioral task: behavioral1
  Sample: 2024-05-25_70d5d94cb529c4ee70c158e50a967499_icedid.exe
  Resource: win7-20240215-en

Behavioral task: behavioral2
  Sample: 2024-05-25_70d5d94cb529c4ee70c158e50a967499_icedid.exe
  Resource: win10v2004-20240426-en
General

Target: 2024-05-25_70d5d94cb529c4ee70c158e50a967499_icedid.exe
Size: 5.3MB
MD5: 70d5d94cb529c4ee70c158e50a967499
SHA1: c6866d784820364e05c8dcb3945b4b97d855f132
SHA256: 8864a6b51d8500493472f77289009adf836afe1611f7b2cf94124dd64bdba582
SHA512: 3b09bc3915b85261fffddefc26fb6709af5f2a617987e43048f01727bbb18dbc7330506deedee12193302771abb028b0171d29615b34d79e2976a984d15647ec
SSDEEP: 98304:He4w9BiZ/b+Ar9Eb+mhPhPTbk1sFLZXq4faJk3e6Zji4caITJ/iM83Iif6BF9rXl:He4w9Bitfi5llTbRatibZji7J/Z8/fiJ
Malware Config

Signatures

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  1240  2024-05-25_70d5d94cb529c4ee70c158e50a967499_icedid.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
  pid   Process
  1240  2024-05-25_70d5d94cb529c4ee70c158e50a967499_icedid.exe
  1240  2024-05-25_70d5d94cb529c4ee70c158e50a967499_icedid.exe
  1240  2024-05-25_70d5d94cb529c4ee70c158e50a967499_icedid.exe
  1240  2024-05-25_70d5d94cb529c4ee70c158e50a967499_icedid.exe