36cb93e2d5dfa498df7eee7c14361597d2e838e6b702b6918c8cf3664adf979e

Analysis

max time kernel
85s
max time network
143s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30-04-2023 04:05

Target

2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
Size

13.5MB
MD5

084b53f7a0920e455110e6d976c2289b
SHA1

5ec3b3f22afd4c29c3c39aaf227b9f9f6678913c
SHA256

36cb93e2d5dfa498df7eee7c14361597d2e838e6b702b6918c8cf3664adf979e
SHA512

a77586d05867b715ea7e4711d4ad1fbd5b91ab869a1d1a2782fa658df999b41bd88baebca5b7f1031e291c3baf24679470cb21340f9b33ce11ffd88d945dbbf2
SSDEEP

393216:a9yHhd/Ez8IPjlg9wn3NWD3/Dx7okxWmU8U7:awBd/c8UgoMDxMHmU8u

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe

pid process

1112 2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
Drops file in Windows directory 1 IoCs

Processes:

2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe

description ioc process

File created C:\Windows\Media\xminfo.wav 2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File created	C:\Windows\Media\xminfo.wav	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe

pid	process
1112	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
1112	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
1112	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
1112	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
1112	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
1112	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
1112	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
1112	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe

description	pid	process
Token: SeDebugPrivilege	1112	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
Token: SeDebugPrivilege	1112	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
Token: SeDebugPrivilege	1112	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe

pid	process
1112	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
1112	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
1112	2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

\ÌìÁúÐ¡ÃÛ\ÔËÐÐÎÄ¼þ\QYCJ.dll
Filesize
3.0MB

MD5
54da9cb20347baec926b6678f8efb3ab

SHA1
18ca10861aa561c56666270cca7fd44c73c28d72

SHA256
038675d5ee0b22a17a12646ba9cf3fcffd0a2acfb712c1953102671774a82390

SHA512
e4608ef1875e2dd46c1352d5e750178ce439725a6b190d37a14decb7e960428841ea3ef5e17488226f9bcfc6d58793cb254f142ba4f54cd316c9cbee50cae77b

Download Submit
memory/1112-73-0x0000000002E30000-0x0000000002F30000-memory.dmp

Filesize
1024KB

Download
memory/1112-78-0x0000000003460000-0x0000000003461000-memory.dmp

Filesize
4KB

Download
memory/1112-79-0x0000000003460000-0x0000000003461000-memory.dmp

Filesize
4KB

Download
memory/1112-80-0x0000000003460000-0x0000000003461000-memory.dmp

Filesize
4KB

Download
memory/1112-81-0x00000000040E0000-0x000000000472C000-memory.dmp

Filesize
6.3MB

Download