Overview

overview

3

Static

static

3

2024-06-11...im.exe

windows7-x64

1

2024-06-11...im.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    90s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/06/2024, 09:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-11_50c60d31aa8193d5676c07bd30c2cd7b_darpapox_icedid_nymaim.exe

  • Size

    16.7MB

  • MD5

    50c60d31aa8193d5676c07bd30c2cd7b

  • SHA1

    941b29714e3d3fad30e99c479ee4765cedddccbb

  • SHA256

    c30f5e9ffd75f81ad69dde4ad1e86b0db40d2a24280bb05e98210cb77054c038

  • SHA512

    d40b58d858e9359db0310b06bd4d1f3e1582b4b8d93fcc8a3011f29b5c5fd908efb777b662f5fcf721f4ff5a81f3a24c31bec4ea0c6882f026d95ba275327fec

  • SSDEEP

    196608:2uQF9WNAyEz75jsj8flgcsklKbAs4eR3GBXlCCVJIx+N/IO7:2yral/fDKt4ewVJIkN/Ig

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-11_50c60d31aa8193d5676c07bd30c2cd7b_darpapox_icedid_nymaim.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-11_50c60d31aa8193d5676c07bd30c2cd7b_darpapox_icedid_nymaim.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4572
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe
      2⤵
        PID:3028

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\2024-06-11_50c60d31aa8193d5676c07bd30c2cd7b_darpapox_icedid_nymaim.exe
            Filesize

            15.0MB

            MD5

            ec51ab8866ec9b8a96ec1f62ea47139e

            SHA1

            1f2962df4f6c6f80fa79a7f7d94cc21a76ca9558

            SHA256

            78b4e74527d394cafd55728558a9fdf8d8a7d91818e8dabe8133fa8a46463a56

            SHA512

            9867307c40ff7f8fd3c26a20e99b6e018236eea40d3c85211ed8ed4c2b26ee2e7034553fb9a09d3c7fd3bb3555d6be4b1f457c8b1dba6fc5607463c06f7324df

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\@AE5B20.tmp.exe
            Filesize

            1.7MB

            MD5

            b8ec86b3488e480fb921dd20b7cbc7cb

            SHA1

            7e3e159c2b80dc7781bf020e45acfd2e995b8eba

            SHA256

            cb9ab28c8667dfebde893e410bd9dbde9e09cb5dada0d0d2a3c5ae75daa7f392

            SHA512

            9ee8d82d6552db5c32a5fb07d521a8c0a8c724fc47aa1e5d158f8b48669a662a579f224be27d9416afbedc589182c2a1bdb0cb7faaaa7fc1bd68c5ac5bdefc70

            Download Submit