8e40e7a7d5d5a927185de8595aff97e2c96ff6315b90d01db8597b6b377498f8

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
28-08-2023 15:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bae31b80370a77abecbc927f07cbc46a_icedid_JC.exe
Size

988KB
MD5

bae31b80370a77abecbc927f07cbc46a
SHA1

6e0c777e980e6bee5f84b3d51d146d9ec9717271
SHA256

8e40e7a7d5d5a927185de8595aff97e2c96ff6315b90d01db8597b6b377498f8
SHA512

158e98a6505b2231cd7c6636ab6471eebdce24235e1fea5a736384575ab43b388e1a7c28af6809cf3862e64fdea962c9672a9b59d5af803f8c45ce96073d356f
SSDEEP

6144:mTZrAvSecbESLdwBlVJC38S+67yT0wFKAt/FbdRmY3EPt/c:mTZrAvSecb3dwBrJA8v67yPFlTEPt/c

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main	bae31b80370a77abecbc927f07cbc46a_icedid_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	bae31b80370a77abecbc927f07cbc46a_icedid_JC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-377084978-2088738870-2818360375-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	bae31b80370a77abecbc927f07cbc46a_icedid_JC.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2468	bae31b80370a77abecbc927f07cbc46a_icedid_JC.exe
2468	bae31b80370a77abecbc927f07cbc46a_icedid_JC.exe
2468	bae31b80370a77abecbc927f07cbc46a_icedid_JC.exe
2468	bae31b80370a77abecbc927f07cbc46a_icedid_JC.exe

C:\Users\Admin\AppData\Local\Temp\bae31b80370a77abecbc927f07cbc46a_icedid_JC.exe
"C:\Users\Admin\AppData\Local\Temp\bae31b80370a77abecbc927f07cbc46a_icedid_JC.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\swb_interface\bae31b80370a77abecbc927f07cbc46a_icedid_JC.exe_step0.html

Filesize
1KB

MD5
6c66f9494c36175ea3099e0d9e4d2730

SHA1
4be1781c3787bb9a5c944792c291611ee72a9821

SHA256
2c7b3d85ae2a8fb5647c447651ed088c66b5a0b7804bea064065c3740d34b43c

SHA512
8060abc4cf2084f428385287e158bd8ec41db03ff4a77095b252a93c248ec994e712d7a77c2fd4658c042ada2b869d0a85a67c269b6881e2bc131e7c4311eb61

Download Submit