Analysis
max time kernel: 85s
max time network: 143s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 30-04-2023 04:05
Behavioral task: behavioral1
Sample: 2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
Resource: win7-20230220-en
General
Target: 2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
Size: 13.5MB
MD5: 084b53f7a0920e455110e6d976c2289b
SHA1: 5ec3b3f22afd4c29c3c39aaf227b9f9f6678913c
SHA256: 36cb93e2d5dfa498df7eee7c14361597d2e838e6b702b6918c8cf3664adf979e
SHA512: a77586d05867b715ea7e4711d4ad1fbd5b91ab869a1d1a2782fa658df999b41bd88baebca5b7f1031e291c3baf24679470cb21340f9b33ce11ffd88d945dbbf2
SSDEEP: 393216:a9yHhd/Ez8IPjlg9wn3NWD3/Dx7okxWmU8U7:awBd/c8UgoMDxMHmU8u
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  Process: pid 1112, 2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
- Drops file in Windows directory (1 IoC)
  File created: C:\Windows\Media\xminfo.wav by 2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Process: pid 1112, 2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe (8 occurrences)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Token: SeDebugPrivilege, pid 1112, 2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe (3 occurrences)
- Suspicious use of SetWindowsHookEx (3 IoCs)
  Process: pid 1112, 2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe (3 occurrences)
Processes
- C:\Users\Admin\AppData\Local\Temp\2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2023-04-29_084b53f7a0920e455110e6d976c2289b_hacktools_icedid.exe"
  Signatures: Loads dropped DLL; Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- \天龙小蜜\运行文件\QYCJ.dll
  Filesize: 3.0MB
  MD5: 54da9cb20347baec926b6678f8efb3ab
  SHA1: 18ca10861aa561c56666270cca7fd44c73c28d72
  SHA256: 038675d5ee0b22a17a12646ba9cf3fcffd0a2acfb712c1953102671774a82390
  SHA512: e4608ef1875e2dd46c1352d5e750178ce439725a6b190d37a14decb7e960428841ea3ef5e17488226f9bcfc6d58793cb254f142ba4f54cd316c9cbee50cae77b
- memory/1112-73-0x0000000002E30000-0x0000000002F30000-memory.dmp
  Filesize: 1024KB
- memory/1112-78-0x0000000003460000-0x0000000003461000-memory.dmp
  Filesize: 4KB
- memory/1112-79-0x0000000003460000-0x0000000003461000-memory.dmp
  Filesize: 4KB
- memory/1112-80-0x0000000003460000-0x0000000003461000-memory.dmp
  Filesize: 4KB
- memory/1112-81-0x00000000040E0000-0x000000000472C000-memory.dmp
  Filesize: 6.3MB