Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/05/2024, 08:38

General

  • Target

    2024-05-29_fbcf9bf8b838bb2c9858a79161ccb0fe_icedid_zxxz.exe
    (the "icedid" tag is part of the submitted filename, not a family verdict from this run: the signatures listed below are generic behaviours and no family configuration was extracted)

  • Size

    6.1MB

  • MD5

    fbcf9bf8b838bb2c9858a79161ccb0fe

  • SHA1

    0c26e5c7e145ead7a595f942f4d8d61f6859bb0d

  • SHA256

    063c9a324280fab675e32bde8445df5ca10b9684033d199504081c00672666fb

  • SHA512

    3235a3d2cbdfba405b1a0555dfca402dd1175808aab05484b79af0d0a2add16f6177acc3eb9a7455741ddd0f2471961c7cdd610d92f088c9a098eaeb6012a281

  • SSDEEP

    98304:o3yVKDkvJgEIcmWZWWvJgWma00jq9EjOTphn4YVDkeLWf:ozGJIWVJpG934Ydkn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-29_fbcf9bf8b838bb2c9858a79161ccb0fe_icedid_zxxz.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-29_fbcf9bf8b838bb2c9858a79161ccb0fe_icedid_zxxz.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\ʼþ´¦Àí.bat
      (batch file dropped directly in the drive root; the name is shown as mojibake, consistent with a multi-byte (e.g. GBK/cp936) filename rendered in a Western code page, and is kept verbatim here as an IoC)
      2⤵
      • Deletes itself
      PID:2540
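The process tree above is the only behavioural lead the report gives: a binary running from the user's Temp directory spawns cmd.exe to run a batch file dropped in the drive root, and that cmd.exe is the process tagged "Deletes itself". The following is an added example, not part of the sandbox report or of any tool it uses, that turns that pattern into a detection pass over process-creation telemetry. The event records are constructed to mirror the report's tree (PIDs, images and command lines copied from it) plus two benign controls; the field names (pid, ppid, image, cmdline) and the mojibake threshold are assumptions.

```python
"""Added example (not part of the sandbox report or of any tool it uses):
flag the process-tree pattern shown above in process-creation telemetry.

Pattern: a binary running from the user's Temp directory spawns cmd.exe with
"/c <drive>:\\<name>.bat", i.e. a batch file dropped directly in the drive root.
Event field names (pid, ppid, image, cmdline) are an assumption.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    parent_pid: int
    child_pid: int
    bat_path: str
    mojibake_name: bool   # heuristic flag, see looks_like_mojibake()


# "/c" followed by a path sitting directly in a drive root: drive letter,
# colon, one backslash, then a filename with no further backslashes, ending
# in .bat. An optional surrounding quote is tolerated.
ROOT_BAT = re.compile(r'(?i)/c\s+"?([a-z]:\\[^\\\s"]+\.bat)\b')
TEMP_DIR = re.compile(r'(?i)\\AppData\\Local\\Temp\\')


def looks_like_mojibake(name: str, threshold: int = 3) -> bool:
    """Heuristic (threshold is an assumption): several Latin-1 Supplement
    characters (U+00A0..U+00FF) in a short filename usually mean a multi-byte
    name (e.g. GBK/cp936) was rendered in a Western code page, as with the
    .bat name in the report."""
    return sum(0xA0 <= ord(ch) <= 0xFF for ch in name) >= threshold


def detect(events: list[dict]) -> list[Finding]:
    """Return one Finding per cmd.exe that runs a root-level .bat while its
    parent image lives under the user's AppData\\Local\\Temp directory."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not e["image"].lower().endswith("\\cmd.exe"):
            continue
        m = ROOT_BAT.search(e["cmdline"])
        if not m:
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or not TEMP_DIR.search(parent["image"]):
            continue
        bat = m.group(1)
        findings.append(Finding(parent["pid"], e["pid"], bat,
                                looks_like_mojibake(bat.rsplit("\\", 1)[-1])))
    return findings


# Constructed events: 2160 -> 2540 is the report's tree; 3000 and 3001 are
# benign controls that must not fire (bat not in the root / parent not in Temp).
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-05-29_fbcf9bf8b838bb2c9858a79161ccb0fe_icedid_zxxz.exe"
EVENTS = [
    {"pid": 2160, "ppid": 1000, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"pid": 2540, "ppid": 2160, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"cmd /c c:\ʼþ´¦Àí.bat"},
    {"pid": 3000, "ppid": 1000, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd /c C:\Users\Admin\build\run_tests.bat"},
    {"pid": 3001, "ppid": 1000, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd /c "C:\backup.bat"'},
]

if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f"{f.parent_pid} -> {f.child_pid}: {f.bat_path}"
              + ("  (mojibake filename)" if f.mojibake_name else ""))
```

Run against the constructed events it reports only the 2160 -> 2540 pair; the two controls show why both halves of the rule matter (a .bat under a user directory, and a root-level .bat launched by something other than a Temp-resident binary, are both ordinary). The mojibake flag is a soft signal for triage ordering, not a block condition, since the same rendering happens to legitimate non-Latin filenames on a mismatched code page.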

Network

MITRE ATT&CK Matrix

Downloads

  • C:\ʼþ´¦Àí.bat

    Filesize

    251B

    MD5

    be4eec69b066b2d0b46fb216bb3beb16

    SHA1

    5f002224162545793c5626d4feba4247b33b0e5b

    SHA256

    390e644a54ed8d99146171d2f04ed53f1a3a7ee16419b54deb190886cd7fdbdf

    SHA512

    5521f0d773f7a28bff99c483fb77dd37289c918f96a996e6bf2eb6e55f85e09c305dff89739dfe54a3a0eabb8f5324bce04fe54a2c31314363ba75784673fbde