Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
16/08/2023, 17:11
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe
Resource
win7-20230712-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
7 signatures
150 seconds
General
-
Target
093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe
-
Size
6.5MB
-
MD5
093835f9ff94f16e7e366bf2c231003d
-
SHA1
97d082663fa8d3031b8af9ae20f9fb8ad3fe312e
-
SHA256
b71b9fce1375705578c7047896381d9eb717c87e485113d972f943efba06237e
-
SHA512
6b30bf29abdd24d99bb7f17ae8fcdd8fefcb8d09d77692b65665348f8cfe1c299aaf050e29359b8ec69af46b85091e0cd75d3c153e65f931b48b67ce633804fa
-
SSDEEP
98304:3+5xKM1Woww2E5T3DoXSG8kM8pNhS9Yw8yp:wS7aTcXSL8Hwfp
Score
8/10
Malware Config
Signatures
-
Drops file in Drivers directory 2 IoCs
description ioc Process File created C:\windows\SysWOW64\drivers\spo0lve.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\windows\SysWOW64\drivers\spo0lve.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\spron = "C:\\Users\\Admin\\AppData\\Local\\Temp/093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe" 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\VideoLAN\VLC\uninstall.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Internet Explorer\ieinstal.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jre7\bin\kinit.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Mozilla Firefox\private_browsing.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jre7\bin\rmid.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Windows Media Player\setup_wm.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Windows Media Player\WMPSideShowGadget.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Internet Explorer\iexplore.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jre7\bin\ssvagent.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Windows Sidebar\sidebar.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jre7\bin\orbd.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Windows Media Player\WMPDMC.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jre7\bin\keytool.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jre7\bin\policytool.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jre7\lib\fontconfig.properties.src 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Windows Mail\wabmig.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\DVD Maker\DVDMaker.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Mozilla Firefox\pingsender.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Windows Media Player\wmpenc.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Windows Defender\MpCmdRun.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Windows Journal\Journal.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe -
Suspicious behavior: EnumeratesProcesses 25 IoCs
pid Process 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe 2224 093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe"C:\Users\Admin\AppData\Local\Temp\093835f9ff94f16e7e366bf2c231003d_icedid_JC.exe"1⤵
- Drops file in Drivers directory
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2224
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.5MB
MD51760baab568b94185d6a8c52e390d241
SHA1ed5bc1825ffabfeb55cc5e3006778da6af8b5aef
SHA25690185d4bf9246a9e2fae67a818407d904edfb14b8cebde9abc07db9d8ea618fc
SHA5124a3639e2843eea9b3e572a9e5d28677f22b6e9881bbafc8cf6484d2996e6b4bf6c26ac8c1382e8b2f386ef1924d370ce6406d078b16cb4548df6115ed764b9c5