Analysis
max time kernel: 141s
max time network: 94s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/06/2024, 06:35
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-04_98f83c097047a9e302b627172af938e1_icedid.exe
Resource: win7-20240221-en
General
Target: 2024-06-04_98f83c097047a9e302b627172af938e1_icedid.exe
Size: 2.8MB
MD5: 98f83c097047a9e302b627172af938e1
SHA1: 98f420bb4963351ba936d8c897bd50d42ad5ab22
SHA256: 16989e6faa9b9028b5e91ab258ea45fb639cde543e052a48c276e863c3dd74b8
SHA512: 5e38177405409d1e1b262819caa5ee4fab4e181223c5a613ef6d9b3bbaa5894f22c038ea321b44f70ad82ca1fe644c5c8f0a46e20b096e6343b641ac51d86721
SSDEEP: 49152:a+viGaanWy2WlsCJyo3LrFPO/NsbQtJGhAyGWv4uAfHxf:HinanWy2W2q7rhmgG0oHxf
Malware Config
Signatures

Detects executables packed with ASPack (8 IoCs)
resource  yara_rule
behavioral2/memory/1108-52-0x0000000074EA0000-0x000000007507F000-memory.dmp  INDICATOR_EXE_Packed_ASPack
behavioral2/memory/1108-54-0x0000000074EA0000-0x000000007507F000-memory.dmp  INDICATOR_EXE_Packed_ASPack
behavioral2/memory/1108-53-0x0000000074EA0000-0x000000007507F000-memory.dmp  INDICATOR_EXE_Packed_ASPack
behavioral2/memory/1108-51-0x0000000074EA0000-0x000000007507F000-memory.dmp  INDICATOR_EXE_Packed_ASPack
behavioral2/files/0x000a000000023423-47.dat  INDICATOR_EXE_Packed_ASPack
behavioral2/memory/1108-55-0x0000000074EA0000-0x000000007507F000-memory.dmp  INDICATOR_EXE_Packed_ASPack
behavioral2/memory/1108-68-0x0000000074EA0000-0x000000007507F000-memory.dmp  INDICATOR_EXE_Packed_ASPack
behavioral2/memory/1108-69-0x0000000074EA0000-0x000000007507F000-memory.dmp  INDICATOR_EXE_Packed_ASPack

UPX dump on OEP (original entry point) (26 IoCs)
resource  yara_rule
behavioral2/memory/1108-0-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-34-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-43-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-45-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-44-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-40-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-38-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-36-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-32-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-30-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-26-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-24-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-22-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-20-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-18-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-16-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-15-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-12-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-10-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-8-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-7-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-4-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-28-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-2-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-1-0x0000000010000000-0x000000001003F000-memory.dmp  UPX
behavioral2/memory/1108-57-0x0000000010000000-0x000000001003F000-memory.dmp  UPX

resource  yara_rule
behavioral2/files/0x000a000000023423-47.dat  aspack_v212_v242

Loads dropped DLL (1 IoCs)
pid   Process
1108  2024-06-04_98f83c097047a9e302b627172af938e1_icedid.exe

resource  yara_rule
behavioral2/memory/1108-0-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-34-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-43-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-45-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-44-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-40-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-38-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-36-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-32-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-30-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-26-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-24-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-22-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-20-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-18-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-16-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-15-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-12-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-10-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-8-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-7-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-4-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-28-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-2-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-1-0x0000000010000000-0x000000001003F000-memory.dmp  upx
behavioral2/memory/1108-57-0x0000000010000000-0x000000001003F000-memory.dmp  upx

Suspicious use of SetWindowsHookEx (3 IoCs)
pid   Process
1108  2024-06-04_98f83c097047a9e302b627172af938e1_icedid.exe
1108  2024-06-04_98f83c097047a9e302b627172af938e1_icedid.exe
1108  2024-06-04_98f83c097047a9e302b627172af938e1_icedid.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 917KB
MD5: f6cfcfc04668dd30cacbb030d8ab4511
SHA1: 5656f56c14deb1e96aca851da42634a2fdf847e9
SHA256: 9c15d64e0fe69ab4bab37c48975ca71f43d9761c1437037fbf2109681d49590d
SHA512: 58d474b429421b450f03052391326dae5dad1e16f56a3be3f1ce103f56a29702f71932169d8c23f6a99f94edc8e14d4570533225112cfbf8affd03302689a164