806abeff2b726cb96ec6723a7db40bf75014b4248382557eb0229511ed53912e

Analysis

max time kernel
94s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 18:24

Target

2024-07-09_2afb2aae361e64cda77bbcff87158a05_icedid.exe
Size

290KB
MD5

2afb2aae361e64cda77bbcff87158a05
SHA1

d0ff495e598ed3e5618db04cedeaef5458bb900b
SHA256

806abeff2b726cb96ec6723a7db40bf75014b4248382557eb0229511ed53912e
SHA512

d14d96de616ed58f6f3e9414c6b0ef50cca88ee7158a6ad11c5b6ee554e6a02d1a04eeba26d1085a6edbf352beb9fe45f3710276757a13c4f471c6efaae39d16
SSDEEP

3072:lxUm75Fku3eKeO213SJReOqdmErj+HyHnNVIPL/+ybbiW1u46Q7qV3lU8xM:fU8Dk11CJ1qDWUNVIT/bblS9x

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4200	errors.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\errors.exe	2024-07-09_2afb2aae361e64cda77bbcff87158a05_icedid.exe
File opened for modification	C:\Program Files\errors.exe	2024-07-09_2afb2aae361e64cda77bbcff87158a05_icedid.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4112	3960	WerFault.exe	80
2720	3960	WerFault.exe	80

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3960	2024-07-09_2afb2aae361e64cda77bbcff87158a05_icedid.exe
3960	2024-07-09_2afb2aae361e64cda77bbcff87158a05_icedid.exe
3960	2024-07-09_2afb2aae361e64cda77bbcff87158a05_icedid.exe
3960	2024-07-09_2afb2aae361e64cda77bbcff87158a05_icedid.exe
4200	errors.exe
4200	errors.exe
4200	errors.exe
4200	errors.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 4200	3960	2024-07-09_2afb2aae361e64cda77bbcff87158a05_icedid.exe	84
PID 3960 wrote to memory of 4200	3960	2024-07-09_2afb2aae361e64cda77bbcff87158a05_icedid.exe	84
PID 3960 wrote to memory of 4200	3960	2024-07-09_2afb2aae361e64cda77bbcff87158a05_icedid.exe	84

C:\Users\Admin\AppData\Local\Temp\2024-07-09_2afb2aae361e64cda77bbcff87158a05_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-09_2afb2aae361e64cda77bbcff87158a05_icedid.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Program Files\errors.exe
  "C:\Program Files\\errors.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4200
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 1036
  2⤵
  - Program crash
  PID:4112
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 1040
  2⤵
  - Program crash
  PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3960 -ip 3960
1⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3960 -ip 3960
1⤵
PID:1952

C:\Program Files\errors.exe

Filesize
290KB

MD5
0b0d0d1053b44849edea3ed26d2a0a9c

SHA1
cae383dc964773cb0dfae05f789cc3a55ae75232

SHA256
67515295ec9ea037d4bbffdc6c199ab1b0f0c254d5d8a82130b7777ad3508f5e

SHA512
1dd953e533c1086d1e6953294ca52ef4fb5a4a62672dc89b53f8d7d1a8fc2de01c1c4f33a9420d1be4fd1c4025e1e9533f9d1ad7486a83ce4fa02ff81cbade92

Download Submit