Analysis

  • max time kernel
    220s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 18:39

General

  • Target

    2022-11-23_eaf4fb45b88191885d2d713e22f31570_icedid.exe

  • Size

    3.8MB

  • MD5

    eaf4fb45b88191885d2d713e22f31570

  • SHA1

    6ce60575e53371757caeb34f5d38ff20515e4334

  • SHA256

    46ae2c723f1e09508add028efa57ea096ddf612ade94138ffef8785cec91b4ee

  • SHA512

    9c76c9768f1a42b90c1b05b76c560078f26fb1bd75fea98786a483e1adbf5925d84319fe75e4f9a9edb7278cbb5de34b4e1ff3331b4ff577eb8523455aa5f520

  • SSDEEP

    49152:PHm90pQ3ZFePUeMJ6GlrsfrBEuDl1mRU+9SUh5WYyqPbDq17n8TlO:PH+Gc5lrsl1mRU+9OYnPHgb8TY

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
  • Modifies registry class 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2022-11-23_eaf4fb45b88191885d2d713e22f31570_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2022-11-23_eaf4fb45b88191885d2d713e22f31570_icedid.exe"
    1⤵
    • Installs/modifies Browser Helper Object
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1740

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1740-54-0x0000000075E81000-0x0000000075E83000-memory.dmp

    Filesize

    8KB