Analysis
- max time kernel: 119s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 09-07-2024 20:51
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-07-09_6dcd673a8d4480824a6761231fb6706d_icedid.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 2024-07-09_6dcd673a8d4480824a6761231fb6706d_icedid.exe
- Resource: win10v2004-20240709-en
General
- Target: 2024-07-09_6dcd673a8d4480824a6761231fb6706d_icedid.exe
- Size: 586KB
- MD5: 6dcd673a8d4480824a6761231fb6706d
- SHA1: 4aea4ad418e19e265154055a66aebcd7abe7f87a
- SHA256: 0e8146c50986a161aeef603f78c9c495df2e26af3cb601ce839d8d45e93df8eb
- SHA512: 0e2a25863a7306c723dcb43457c75ff11e59d6d544cb27439591f4a5565974e80eeba5a1d82614c64d08878760c950d7e73d745fd013f6cb8eedf2402a05fac2
- SSDEEP: 12288:8plrVbDdQaqdS/RfraFE/H8uB2Wm0SXsNr5FU:IxR1+FCcuvm0as
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2532: dependant.exe
- Loads dropped DLL (2 IoCs)
  pid 2120: 2024-07-09_6dcd673a8d4480824a6761231fb6706d_icedid.exe
  pid 2120: 2024-07-09_6dcd673a8d4480824a6761231fb6706d_icedid.exe
- Drops file in Program Files directory (1 IoC)
  File created: C:\Program Files\distribution\dependant.exe (process: 2024-07-09_6dcd673a8d4480824a6761231fb6706d_icedid.exe)
- Suspicious use of SetWindowsHookEx (8 IoCs)
  pid 2120: 2024-07-09_6dcd673a8d4480824a6761231fb6706d_icedid.exe (4 entries)
  pid 2532: dependant.exe (4 entries)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2120 (2024-07-09_6dcd673a8d4480824a6761231fb6706d_icedid.exe) wrote to memory of PID 2532, procid_target 30 (4 entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-07-09_6dcd673a8d4480824a6761231fb6706d_icedid.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-07-09_6dcd673a8d4480824a6761231fb6706d_icedid.exe"
  PID: 2120
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Program Files\distribution\dependant.exe
    Command line: "C:\Program Files\distribution\dependant.exe" "33201"
    PID: 2532
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 586KB
  MD5: d1a9261c625b954c06b1b936ccc93d3a
  SHA1: 1d5ef3172a3b228ed1f0fb8174af5757da1a7193
  SHA256: d3f5418ee3fc540ac2cae8bd0b8b5114283c6228b23ce02a356e1d21bba7106a
  SHA512: 355257ee5bd1d9feaf7555958db1ff427d3c3f266da121f6758b9bb910d82ec6774fa07588fe1f1c9de2b2b1cd92d8b9b1287696b4428e1b9e56a2c8d98a1ea0