f6657c7c4b957035315b4a72aa084e899363c9cffa96df3d156fa8fa00218f50

Analysis

max time kernel
138s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78ca6ed4c623164d5abb1a47eb46f564_icedid_JC.exe
Size

15.2MB
MD5

78ca6ed4c623164d5abb1a47eb46f564
SHA1

391335d5a1196a6bfb6bd40b2e5161f79ac48958
SHA256

f6657c7c4b957035315b4a72aa084e899363c9cffa96df3d156fa8fa00218f50
SHA512

0ae5d0e4fc3b921b94633f6392dda08252bc12e700c65d4ed8b176770aa777e6ad3c060b10511afd6b5115ad62c9e0e78eafc3fbaa549f47c64efa906167e100
SSDEEP

393216:56shGBzQzEZzeF9ok8y4qLco0QwA23pj/vLVl9r5iAqG5j/Yz:g3zssOopqc2o3pjnhj5XqyS

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4232	autorun.exe

Loads dropped DLL 10 IoCs

pid	Process
4232	autorun.exe
4232	autorun.exe
4232	autorun.exe
4232	autorun.exe
4232	autorun.exe
4232	autorun.exe
4232	autorun.exe
4232	autorun.exe
4232	autorun.exe
4232	autorun.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1848	4232	WerFault.exe	80

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2300	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2300	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3328	78ca6ed4c623164d5abb1a47eb46f564_icedid_JC.exe
4232	autorun.exe
4232	autorun.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 4232	3328	78ca6ed4c623164d5abb1a47eb46f564_icedid_JC.exe	80
PID 3328 wrote to memory of 4232	3328	78ca6ed4c623164d5abb1a47eb46f564_icedid_JC.exe	80
PID 3328 wrote to memory of 4232	3328	78ca6ed4c623164d5abb1a47eb46f564_icedid_JC.exe	80

C:\Users\Admin\AppData\Local\Temp\78ca6ed4c623164d5abb1a47eb46f564_icedid_JC.exe
"C:\Users\Admin\AppData\Local\Temp\78ca6ed4c623164d5abb1a47eb46f564_icedid_JC.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
  "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\78ca6ed4c623164d5abb1a47eb46f564_icedid_JC.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4232
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 2528
    3⤵
    - Program crash
    PID:1848

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x494
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4232 -ip 4232
1⤵
PID:4536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\7zip\7za.dll

Filesize
1.9MB

MD5
92b755ac8ae195a8534006d8ac30be07

SHA1
428fdfb644ae52619254b7783a4543ad3f8c5011

SHA256
e77f9ccc8f8471d2d5efeac6fe28d561bc6d57b600285991010b56328ab7048c

SHA512
794cea7e568c16c95456e4e047f8d24db213e73ce03b7a6f110d38cfe5588c5147f2b2c6b9acc629b5acd9b0111735887f7f46b374daa294e2aeaebfa7a8805f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\7zip\7za.exe

Filesize
2.4MB

MD5
d1020c1872d3d831c3c44445fc1339ca

SHA1
331ef4bb4115664df04a6ee5c623ed5d7d1b80ef

SHA256
47223eb5df155df56903d16dd0eee8e09e8e26c8503e996c4a76c9bd0d2c0d29

SHA512
8d341b9ff4c807eed7609cc975b64c95fbd298cc6614130e49c71ca61c846fd6d281e430aebedfc724098e1e2bfe126977d944c58b114977ca76f4b846275695

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\Clipboard\Clipboard.lmd

Filesize
1.5MB

MD5
35680673837110844c72bf6ed8eb6202

SHA1
3c9c1276ed0bbfa48e478a55e06a5e5cf826f437

SHA256
ed696486a267df27c3d16e1c360ab0221f6dda9c76e70fce0ca4b74bdd22da6b

SHA512
2fb9b08381fdc9a8f2c6e6881ddd0ed455e4117e219fd42bcecdf210d6e4410791dc6c0d025d7fd231e658fdc04bb0967df7c501703ebbd7316684c231ec73a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\Clipboard\Clipboard.lmd

Filesize
1.5MB

MD5
35680673837110844c72bf6ed8eb6202

SHA1
3c9c1276ed0bbfa48e478a55e06a5e5cf826f437

SHA256
ed696486a267df27c3d16e1c360ab0221f6dda9c76e70fce0ca4b74bdd22da6b

SHA512
2fb9b08381fdc9a8f2c6e6881ddd0ed455e4117e219fd42bcecdf210d6e4410791dc6c0d025d7fd231e658fdc04bb0967df7c501703ebbd7316684c231ec73a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\MemoryEx\MemoryEx.lmd

Filesize
209KB

MD5
c02d1d44d7964401c32a3ae8fc53626d

SHA1
964b85c9909a380c50c73986cb9320a6e22a5dc0

SHA256
27285da6ef832cc608b8f921406cb8e38d2a54231fd0fb8d8cd49b77ceac9dcd

SHA512
6da661825bedd4d5167a10f3c896b4b232beb48614b0f5b6f32dfba1d91d7ad318251644069b05a046beef4eebc06ef9a3ffb567458ed472ab9c00b91345af14

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\MemoryEx\MemoryEx.lmd

Filesize
209KB

MD5
c02d1d44d7964401c32a3ae8fc53626d

SHA1
964b85c9909a380c50c73986cb9320a6e22a5dc0

SHA256
27285da6ef832cc608b8f921406cb8e38d2a54231fd0fb8d8cd49b77ceac9dcd

SHA512
6da661825bedd4d5167a10f3c896b4b232beb48614b0f5b6f32dfba1d91d7ad318251644069b05a046beef4eebc06ef9a3ffb567458ed472ab9c00b91345af14

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\MemoryEx\MemoryEx.lmd

Filesize
209KB

MD5
c02d1d44d7964401c32a3ae8fc53626d

SHA1
964b85c9909a380c50c73986cb9320a6e22a5dc0

SHA256
27285da6ef832cc608b8f921406cb8e38d2a54231fd0fb8d8cd49b77ceac9dcd

SHA512
6da661825bedd4d5167a10f3c896b4b232beb48614b0f5b6f32dfba1d91d7ad318251644069b05a046beef4eebc06ef9a3ffb567458ed472ab9c00b91345af14

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\WINDOWRESIZER\WINDOWRESIZER.APO

Filesize
2.4MB

MD5
375c7aa322ca49d82f12ef565151579b

SHA1
2cb8961304c0484c36e855403ccd218a62c822ff

SHA256
dfd8d4ed886bb683f0a1a760aef9b4a4238b36b7417b5893dfb8f53cfcb76c78

SHA512
728f42960d3c402a3eb05ec4474aa7c5004f7ef2ed3310e48e340cd32a918703888cd0702bf347826b4064283640e9d2dfe45923a6f243786171a7d0969093d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\WindowResizer\WindowResizer.apo

Filesize
2.4MB

MD5
375c7aa322ca49d82f12ef565151579b

SHA1
2cb8961304c0484c36e855403ccd218a62c822ff

SHA256
dfd8d4ed886bb683f0a1a760aef9b4a4238b36b7417b5893dfb8f53cfcb76c78

SHA512
728f42960d3c402a3eb05ec4474aa7c5004f7ef2ed3310e48e340cd32a918703888cd0702bf347826b4064283640e9d2dfe45923a6f243786171a7d0969093d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Scripts\LIBMYSQL.dll

Filesize
1.4MB

MD5
fd68c1ec56237484ad361250813f2465

SHA1
9e2b616ed7ecf26a3c5b21a879b1b8d28d6b2f0c

SHA256
15f6755c427720158d7933dcd864825f58bc739cacee77df9aa3410b8dc87353

SHA512
a0dcc12898d582fdf711369edf851dd36d58487b129e10e11d4905b41d4919e7c69a447510e010e0a65b3f6b45f80910451f00565ad569628de10d6a8fa0bf83

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Scripts\libmysql.dll

Filesize
1.4MB

MD5
fd68c1ec56237484ad361250813f2465

SHA1
9e2b616ed7ecf26a3c5b21a879b1b8d28d6b2f0c

SHA256
15f6755c427720158d7933dcd864825f58bc739cacee77df9aa3410b8dc87353

SHA512
a0dcc12898d582fdf711369edf851dd36d58487b129e10e11d4905b41d4919e7c69a447510e010e0a65b3f6b45f80910451f00565ad569628de10d6a8fa0bf83

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Scripts\libmysql.dll

Filesize
1.4MB

MD5
fd68c1ec56237484ad361250813f2465

SHA1
9e2b616ed7ecf26a3c5b21a879b1b8d28d6b2f0c

SHA256
15f6755c427720158d7933dcd864825f58bc739cacee77df9aa3410b8dc87353

SHA512
a0dcc12898d582fdf711369edf851dd36d58487b129e10e11d4905b41d4919e7c69a447510e010e0a65b3f6b45f80910451f00565ad569628de10d6a8fa0bf83

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Scripts\luasql\mysql.dll

Filesize
84KB

MD5
fcdece81068de0d7c3b984e73e5b34a8

SHA1
5f44df8f7734f763e8412d566a5b00e7c988bd6a

SHA256
836c35889d9e637c2e32fb400b7d811e05789a2117b41727d45e7dc5efca5927

SHA512
e45cfe0a11a8da4d3fee87d614f1d050d76011fd46d7b3c848e6e21795ad10c4f7ed9cc3f6dc214803b786fe1e723d0f36f979ad6b3ca59356d86403e8ccb0b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Scripts\luasql\mysql.dll

Filesize
84KB

MD5
fcdece81068de0d7c3b984e73e5b34a8

SHA1
5f44df8f7734f763e8412d566a5b00e7c988bd6a

SHA256
836c35889d9e637c2e32fb400b7d811e05789a2117b41727d45e7dc5efca5927

SHA512
e45cfe0a11a8da4d3fee87d614f1d050d76011fd46d7b3c848e6e21795ad10c4f7ed9cc3f6dc214803b786fe1e723d0f36f979ad6b3ca59356d86403e8ccb0b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd

Filesize
1.6MB

MD5
dad5c9274f9008c9970609c2f410f334

SHA1
8ddfa48843e66324c8cdab45d31c8e4da13a6be4

SHA256
33deade7416cfd0bcadb7ec693bfd45a7fcd89b8c11b7fc9532fa4e5bd3e586d

SHA512
47cdb045402323c1d884f61fca2e7c52f0d9738e7400d20403e479a0fb150e7907cce6486de7b532640cfb01f5eca118dcab68104219301e0ef6c36c562c5a43

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\MDM.ico

Filesize
258KB

MD5
128a9ce870127d48d775c8e516206f62

SHA1
8617915d3811214b648e9397058256967b13cd4c

SHA256
3191064184dbffd6da4216081d88dbd28a438e3532d7d6e9e0c4c48a3687e35d

SHA512
1cb9ff439035d0101ba11c4aae3416f1eb100f545f267e6f006bc02e2527cfa504d9079259dbd23dfb6a9cc37f0b8b0bf48fcfb146a16f4ce43a7891a9854551

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\MDM.ico

Filesize
258KB

MD5
128a9ce870127d48d775c8e516206f62

SHA1
8617915d3811214b648e9397058256967b13cd4c

SHA256
3191064184dbffd6da4216081d88dbd28a438e3532d7d6e9e0c4c48a3687e35d

SHA512
1cb9ff439035d0101ba11c4aae3416f1eb100f545f267e6f006bc02e2527cfa504d9079259dbd23dfb6a9cc37f0b8b0bf48fcfb146a16f4ce43a7891a9854551

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
6.4MB

MD5
3dd52b8ddd7b09bcec749120c47fd288

SHA1
d2fb4b80da6589b15c273c87936af668bf89aac1

SHA256
03b7ac1f4cf81bf30baaafb570f215a1c13150101d2dae9bc5c846cd8b446c01

SHA512
304c516d3f845e6b0925ea3e5ba14ea3f85654b4bf286ddfe3327bbc7f5ff5f71c06d3f342e45012276bb28f71292d15dd670a582ccda28dcfae4b654373a524

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
6.4MB

MD5
3dd52b8ddd7b09bcec749120c47fd288

SHA1
d2fb4b80da6589b15c273c87936af668bf89aac1

SHA256
03b7ac1f4cf81bf30baaafb570f215a1c13150101d2dae9bc5c846cd8b446c01

SHA512
304c516d3f845e6b0925ea3e5ba14ea3f85654b4bf286ddfe3327bbc7f5ff5f71c06d3f342e45012276bb28f71292d15dd670a582ccda28dcfae4b654373a524

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

Filesize
327KB

MD5
50f1d9f2093914c7712068608f3d66f2

SHA1
c38c655526b9ba929f01259cd35abb65744448f0

SHA256
ebeb211dfe4fce993d63206b2e3f284b569274db4730a8ee341ee81eccac9a5f

SHA512
07841d260770288f34b3e6413f6044742d82794d0812d9d58ebb2b881f935ee7661c94acddcf3a25817a98168789de0e0e0a98baaddbac2ec097a3efdd22c9ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

Filesize
327KB

MD5
50f1d9f2093914c7712068608f3d66f2

SHA1
c38c655526b9ba929f01259cd35abb65744448f0

SHA256
ebeb211dfe4fce993d63206b2e3f284b569274db4730a8ee341ee81eccac9a5f

SHA512
07841d260770288f34b3e6413f6044742d82794d0812d9d58ebb2b881f935ee7661c94acddcf3a25817a98168789de0e0e0a98baaddbac2ec097a3efdd22c9ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua51.dll

Filesize
22KB

MD5
e1ec4dffc4d737e6e87d797a96692b24

SHA1
256cfe42f6374ecbc7e8cad3b421bef5a6a98e06

SHA256
4c06c1fe4d85f014b03bca843137d387510bedd52e3ec755edee878e0fabcee9

SHA512
710c1349ed1f24e7e89b0b7905f91ab84c6208216a95a24cd26a38db6c8282d6545eab6a2e4389fffdd502bcc020089591b7921552683accbe57ff2da6d0b4b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua51.dll

Filesize
22KB

MD5
e1ec4dffc4d737e6e87d797a96692b24

SHA1
256cfe42f6374ecbc7e8cad3b421bef5a6a98e06

SHA256
4c06c1fe4d85f014b03bca843137d387510bedd52e3ec755edee878e0fabcee9

SHA512
710c1349ed1f24e7e89b0b7905f91ab84c6208216a95a24cd26a38db6c8282d6545eab6a2e4389fffdd502bcc020089591b7921552683accbe57ff2da6d0b4b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua51.dll

Filesize
22KB

MD5
e1ec4dffc4d737e6e87d797a96692b24

SHA1
256cfe42f6374ecbc7e8cad3b421bef5a6a98e06

SHA256
4c06c1fe4d85f014b03bca843137d387510bedd52e3ec755edee878e0fabcee9

SHA512
710c1349ed1f24e7e89b0b7905f91ab84c6208216a95a24cd26a38db6c8282d6545eab6a2e4389fffdd502bcc020089591b7921552683accbe57ff2da6d0b4b2

Download Submit
C:\pegasus\7zip\7za.dll

Filesize
1.9MB

MD5
92b755ac8ae195a8534006d8ac30be07

SHA1
428fdfb644ae52619254b7783a4543ad3f8c5011

SHA256
e77f9ccc8f8471d2d5efeac6fe28d561bc6d57b600285991010b56328ab7048c

SHA512
794cea7e568c16c95456e4e047f8d24db213e73ce03b7a6f110d38cfe5588c5147f2b2c6b9acc629b5acd9b0111735887f7f46b374daa294e2aeaebfa7a8805f

Download Submit
C:\pegasus\7zip\7za.exe

Filesize
2.4MB

MD5
d1020c1872d3d831c3c44445fc1339ca

SHA1
331ef4bb4115664df04a6ee5c623ed5d7d1b80ef

SHA256
47223eb5df155df56903d16dd0eee8e09e8e26c8503e996c4a76c9bd0d2c0d29

SHA512
8d341b9ff4c807eed7609cc975b64c95fbd298cc6614130e49c71ca61c846fd6d281e430aebedfc724098e1e2bfe126977d944c58b114977ca76f4b846275695

Download Submit
memory/4232-483-0x00000000041B0000-0x0000000004315000-memory.dmp

Filesize
1.4MB

Download
memory/4232-489-0x0000000004370000-0x00000000043A8000-memory.dmp

Filesize
224KB

Download