4cc4ec1ce675714c119dab2d5da81f4e313b65623726556313a4642dbd8434f2

Analysis

max time kernel
79s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 23:21

Target

2024-06-16_76d4af55d41c82ec98fea2194292ab50_icedid.exe
Size

291KB
MD5

76d4af55d41c82ec98fea2194292ab50
SHA1

012eaa8e09ceffae009b420e3d730ef904ee8d60
SHA256

4cc4ec1ce675714c119dab2d5da81f4e313b65623726556313a4642dbd8434f2
SHA512

d0f824d2e8edd85eca5790504b7753a240887798c6efd04816e89e5091a2ee49d472b12e8a36dd8cbb05458cbce3f568fb981714842f33e24595ad6b02fd27ad
SSDEEP

3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2596	match.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\build\match.exe	2024-06-16_76d4af55d41c82ec98fea2194292ab50_icedid.exe
File opened for modification	C:\Program Files\build\match.exe	2024-06-16_76d4af55d41c82ec98fea2194292ab50_icedid.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4088	1844	WerFault.exe	81
2060	1844	WerFault.exe	81

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 2596	1844	2024-06-16_76d4af55d41c82ec98fea2194292ab50_icedid.exe	82
PID 1844 wrote to memory of 2596	1844	2024-06-16_76d4af55d41c82ec98fea2194292ab50_icedid.exe	82
PID 1844 wrote to memory of 2596	1844	2024-06-16_76d4af55d41c82ec98fea2194292ab50_icedid.exe	82

C:\Users\Admin\AppData\Local\Temp\2024-06-16_76d4af55d41c82ec98fea2194292ab50_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-16_76d4af55d41c82ec98fea2194292ab50_icedid.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Program Files\build\match.exe
  "C:\Program Files\build\match.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2596
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 1016
  2⤵
  - Program crash
  PID:4088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 1008
  2⤵
  - Program crash
  PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1844 -ip 1844
1⤵
PID:700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1844 -ip 1844
1⤵
PID:4364

C:\Program Files\build\match.exe

Filesize
291KB

MD5
08709028f1de91efc6c7be75a8ab10a3

SHA1
4f23d0497e7d83293ba8cd2f1215b9be2724b11a

SHA256
1f06fb0f18633600643b88d8ac9dae20df2bfa9a19dfc72313d1f9a5946b2c42

SHA512
1e401b558b043342e8afd896c77384c2b9062155147967d238c741d19a6bd13952f84e9e4452bce0261b03b7277652b1697ada1753712377b00aa1f6e45c5686

Download Submit