d31f4d25c9a9997bafc2e979b12bebe8140e1aaed50ad17603243d04684906b8

Analysis

max time kernel
147s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
29/08/2023, 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8d4f7ea22262947a291dbc2bdb8797f_icedid_JC.exe
Size

7.5MB
MD5

d8d4f7ea22262947a291dbc2bdb8797f
SHA1

b5e2451daf3f64e43aebb530d560142c81eb766a
SHA256

d31f4d25c9a9997bafc2e979b12bebe8140e1aaed50ad17603243d04684906b8
SHA512

91ff2611774f7be26d15cc3076a9054fe37ac134ab3e8d43858f8a0b124dabecf0953fbaa4014693c00fe4f8b1bd7221635bc6cf5e3c1c66cd0d72ff5b30a7e1
SSDEEP

196608:gmY+yOJg84m2ts51P5RVUW/wtwEB2KUdXz/txRAwGztK8Zl:U8wm2IBRd/wtwEwKOBgZK6l

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2888	autorun.exe

Loads dropped DLL 4 IoCs

pid	Process
2516	d8d4f7ea22262947a291dbc2bdb8797f_icedid_JC.exe
2888	autorun.exe
2888	autorun.exe
2888	autorun.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2888	autorun.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2516	d8d4f7ea22262947a291dbc2bdb8797f_icedid_JC.exe
2888	autorun.exe
2888	autorun.exe
2888	autorun.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2888	2516	d8d4f7ea22262947a291dbc2bdb8797f_icedid_JC.exe	28
PID 2516 wrote to memory of 2888	2516	d8d4f7ea22262947a291dbc2bdb8797f_icedid_JC.exe	28
PID 2516 wrote to memory of 2888	2516	d8d4f7ea22262947a291dbc2bdb8797f_icedid_JC.exe	28
PID 2516 wrote to memory of 2888	2516	d8d4f7ea22262947a291dbc2bdb8797f_icedid_JC.exe	28
PID 2516 wrote to memory of 2888	2516	d8d4f7ea22262947a291dbc2bdb8797f_icedid_JC.exe	28
PID 2516 wrote to memory of 2888	2516	d8d4f7ea22262947a291dbc2bdb8797f_icedid_JC.exe	28
PID 2516 wrote to memory of 2888	2516	d8d4f7ea22262947a291dbc2bdb8797f_icedid_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\d8d4f7ea22262947a291dbc2bdb8797f_icedid_JC.exe
"C:\Users\Admin\AppData\Local\Temp\d8d4f7ea22262947a291dbc2bdb8797f_icedid_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
  "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\d8d4f7ea22262947a291dbc2bdb8797f_icedid_JC.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\Download\Download.lmd

Filesize
200KB

MD5
a649eb82e6d39e68a8eb468a4b049cfd

SHA1
10cfb3f5ad59c9b09804bbf46c29d0ac5ed15c26

SHA256
ea2adc07660fa2fbdde5c41c433ec6e9a395bef6ff1a76a6b848a77cb2f67563

SHA512
b8c51babac8bc70aba2d5b29f22ea8132cb28bcbea8b140e588e74448052eb6fe3e9fda64e240265815b3a78b4a578ace65789e604cd337198a28cfdf6dda92a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\Misfit.cjstyles

Filesize
753KB

MD5
0870f7f36a240bac4b8e543715444992

SHA1
8d7ba5fb5625626c7de5c32cdc9425ec3e059399

SHA256
575fdcb1d8af719fd15326326ac8eca414565922d155422de5becad55c11373a

SHA512
97cda99a5d7c1f1ed24be1c9e86c0004f4e3297e6eb99ad271428d7bc54011f959715421b46ceffed753b8a732e3cc54daed0f2472ccc0c71b2010006ea93689

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd

Filesize
1.7MB

MD5
5b9dce90d6e8f66d4e2e4fe998a8617a

SHA1
de45da4821b2998600bb37666748c19acdaf04ea

SHA256
0a6c05496b631aba6d0941468a58fbd95f1efe4f24116ca55f32aed3bce66020

SHA512
4ac5da991e60cae84d76b15ca18d09f5970501a05f89915b0f864504edb940e4ab692a296e3c79b7df0b7f693b9766c95da9023ee9d5e9ad90559468749cb64b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
6.1MB

MD5
8ef0c3a6d671a0321991896b1dd8abbe

SHA1
48cbe2c07960fccaf0009e70ceda78b59752c031

SHA256
5994c41eaa0a5de5143b40644371581aeb77ef7c1c68840aa16784ef8bf13dce

SHA512
8c3b2c79a6a3d5a399ffbc9b4b3957da4df5bf710c8b784447a86b9569e619cdaf10d117ec211cc6747d2e9f991242c01098963451a8d15de740dfb8bdbfae97

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
6.1MB

MD5
8ef0c3a6d671a0321991896b1dd8abbe

SHA1
48cbe2c07960fccaf0009e70ceda78b59752c031

SHA256
5994c41eaa0a5de5143b40644371581aeb77ef7c1c68840aa16784ef8bf13dce

SHA512
8c3b2c79a6a3d5a399ffbc9b4b3957da4df5bf710c8b784447a86b9569e619cdaf10d117ec211cc6747d2e9f991242c01098963451a8d15de740dfb8bdbfae97

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
6.1MB

MD5
8ef0c3a6d671a0321991896b1dd8abbe

SHA1
48cbe2c07960fccaf0009e70ceda78b59752c031

SHA256
5994c41eaa0a5de5143b40644371581aeb77ef7c1c68840aa16784ef8bf13dce

SHA512
8c3b2c79a6a3d5a399ffbc9b4b3957da4df5bf710c8b784447a86b9569e619cdaf10d117ec211cc6747d2e9f991242c01098963451a8d15de740dfb8bdbfae97

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\cd.ico

Filesize
24KB

MD5
a8fafed52da2ffe7abfba2cf2a699544

SHA1
6f622eabce9653b84c5bf69117adf3b8a29b43f0

SHA256
10c5b851067e404c44f52ebe15d6197643c529920b994ce593376ecfbd69a325

SHA512
426690526230eb7bce7983e3c61ac441b7bdf8df9154df81c88adb5275a213edb3a4b61b44ad15c5451b09e2f49da87bc4edf2e8b76b706ef9004280bf2c038d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\cd.ico

Filesize
24KB

MD5
a8fafed52da2ffe7abfba2cf2a699544

SHA1
6f622eabce9653b84c5bf69117adf3b8a29b43f0

SHA256
10c5b851067e404c44f52ebe15d6197643c529920b994ce593376ecfbd69a325

SHA512
426690526230eb7bce7983e3c61ac441b7bdf8df9154df81c88adb5275a213edb3a4b61b44ad15c5451b09e2f49da87bc4edf2e8b76b706ef9004280bf2c038d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

Filesize
318KB

MD5
feef4703e27d5f36517dcd1d4fd7d2b4

SHA1
25962c4f6523b27394133682b9ebb4b3e3e8bb6d

SHA256
2f54d57bcfa726de8a37942cb3d166a1a171f5dc555cc30e7e6f62ac66f85076

SHA512
160729b3f79b46198b88dbee511edd6378f1ed4e081a245b0596d9b9d8b610288ea9791d49bd6e2de2bc262f1c1e3c987fdabf18b7e2a025fa1808d319719501

Download Submit
\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\Download\Download.lmd

Filesize
200KB

MD5
a649eb82e6d39e68a8eb468a4b049cfd

SHA1
10cfb3f5ad59c9b09804bbf46c29d0ac5ed15c26

SHA256
ea2adc07660fa2fbdde5c41c433ec6e9a395bef6ff1a76a6b848a77cb2f67563

SHA512
b8c51babac8bc70aba2d5b29f22ea8132cb28bcbea8b140e588e74448052eb6fe3e9fda64e240265815b3a78b4a578ace65789e604cd337198a28cfdf6dda92a

Download Submit
\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\Misfit.cjstyles

Filesize
753KB

MD5
0870f7f36a240bac4b8e543715444992

SHA1
8d7ba5fb5625626c7de5c32cdc9425ec3e059399

SHA256
575fdcb1d8af719fd15326326ac8eca414565922d155422de5becad55c11373a

SHA512
97cda99a5d7c1f1ed24be1c9e86c0004f4e3297e6eb99ad271428d7bc54011f959715421b46ceffed753b8a732e3cc54daed0f2472ccc0c71b2010006ea93689

Download Submit
\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
6.1MB

MD5
8ef0c3a6d671a0321991896b1dd8abbe

SHA1
48cbe2c07960fccaf0009e70ceda78b59752c031

SHA256
5994c41eaa0a5de5143b40644371581aeb77ef7c1c68840aa16784ef8bf13dce

SHA512
8c3b2c79a6a3d5a399ffbc9b4b3957da4df5bf710c8b784447a86b9569e619cdaf10d117ec211cc6747d2e9f991242c01098963451a8d15de740dfb8bdbfae97

Download Submit
\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

Filesize
318KB

MD5
feef4703e27d5f36517dcd1d4fd7d2b4

SHA1
25962c4f6523b27394133682b9ebb4b3e3e8bb6d

SHA256
2f54d57bcfa726de8a37942cb3d166a1a171f5dc555cc30e7e6f62ac66f85076

SHA512
160729b3f79b46198b88dbee511edd6378f1ed4e081a245b0596d9b9d8b610288ea9791d49bd6e2de2bc262f1c1e3c987fdabf18b7e2a025fa1808d319719501

Download Submit
memory/2888-86-0x0000000074D40000-0x0000000074D5C000-memory.dmp

Filesize
112KB

Download
memory/2888-93-0x0000000074B40000-0x0000000074B4F000-memory.dmp

Filesize
60KB

Download
memory/2888-63-0x00000000769D0000-0x0000000076A27000-memory.dmp

Filesize
348KB

Download
memory/2888-64-0x00000000756E0000-0x000000007632A000-memory.dmp

Filesize
12.3MB

Download
memory/2888-65-0x0000000074F60000-0x0000000074FB1000-memory.dmp

Filesize
324KB

Download
memory/2888-66-0x0000000077030000-0x000000007718C000-memory.dmp

Filesize
1.4MB

Download
memory/2888-67-0x0000000076820000-0x00000000768AF000-memory.dmp

Filesize
572KB

Download
memory/2888-68-0x0000000076A30000-0x0000000076B54000-memory.dmp

Filesize
1.1MB

Download
memory/2888-69-0x00000000753A0000-0x00000000755B5000-memory.dmp

Filesize
2.1MB

Download
memory/2888-70-0x0000000074BB0000-0x0000000074D40000-memory.dmp

Filesize
1.6MB

Download
memory/2888-71-0x0000000076950000-0x000000007697A000-memory.dmp

Filesize
168KB

Download
memory/2888-72-0x0000000074AB0000-0x0000000074B3D000-memory.dmp

Filesize
564KB

Download
memory/2888-73-0x00000000749A0000-0x0000000074A34000-memory.dmp

Filesize
592KB

Download
memory/2888-74-0x0000000074860000-0x0000000074955000-memory.dmp

Filesize
980KB

Download
memory/2888-75-0x0000000076CC0000-0x0000000076E5D000-memory.dmp

Filesize
1.6MB

Download
memory/2888-76-0x0000000074730000-0x00000000747A2000-memory.dmp

Filesize
456KB

Download
memory/2888-77-0x0000000000400000-0x0000000000A64000-memory.dmp

Filesize
6.4MB

Download
memory/2888-79-0x0000000075640000-0x00000000756E0000-memory.dmp

Filesize
640KB

Download
memory/2888-80-0x0000000074ED0000-0x0000000074ED9000-memory.dmp

Filesize
36KB

Download
memory/2888-78-0x0000000075200000-0x0000000075232000-memory.dmp

Filesize
200KB

Download
memory/2888-81-0x00000000772D0000-0x000000007734B000-memory.dmp

Filesize
492KB

Download
memory/2888-82-0x00000000769D0000-0x0000000076A27000-memory.dmp

Filesize
348KB

Download
memory/2888-83-0x0000000074FC0000-0x000000007515E000-memory.dmp

Filesize
1.6MB

Download
memory/2888-84-0x00000000756E0000-0x000000007632A000-memory.dmp

Filesize
12.3MB

Download
memory/2888-85-0x0000000074F60000-0x0000000074FB1000-memory.dmp

Filesize
324KB

Download
memory/2888-61-0x0000000076430000-0x00000000764CD000-memory.dmp

Filesize
628KB

Download
memory/2888-87-0x0000000077030000-0x000000007718C000-memory.dmp

Filesize
1.4MB

Download
memory/2888-89-0x0000000076A30000-0x0000000076B54000-memory.dmp

Filesize
1.1MB

Download
memory/2888-90-0x00000000753A0000-0x00000000755B5000-memory.dmp

Filesize
2.1MB

Download
memory/2888-88-0x0000000076820000-0x00000000768AF000-memory.dmp

Filesize
572KB

Download
memory/2888-91-0x0000000074BB0000-0x0000000074D40000-memory.dmp

Filesize
1.6MB

Download
memory/2888-62-0x0000000075640000-0x00000000756E0000-memory.dmp

Filesize
640KB

Download
memory/2888-95-0x0000000074D70000-0x0000000074DBC000-memory.dmp

Filesize
304KB

Download
memory/2888-97-0x00000000749A0000-0x0000000074A34000-memory.dmp

Filesize
592KB

Download
memory/2888-92-0x0000000074B50000-0x0000000074B69000-memory.dmp

Filesize
100KB

Download
memory/2888-98-0x0000000074960000-0x0000000074999000-memory.dmp

Filesize
228KB

Download
memory/2888-100-0x0000000076CC0000-0x0000000076E5D000-memory.dmp

Filesize
1.6MB

Download
memory/2888-102-0x0000000074730000-0x00000000747A2000-memory.dmp

Filesize
456KB

Download
memory/2888-101-0x00000000747D0000-0x0000000074806000-memory.dmp

Filesize
216KB

Download
memory/2888-99-0x0000000074860000-0x0000000074955000-memory.dmp

Filesize
980KB

Download
memory/2888-103-0x0000000077240000-0x00000000772C3000-memory.dmp

Filesize
524KB

Download
memory/2888-105-0x0000000075200000-0x0000000075232000-memory.dmp

Filesize
200KB

Download
memory/2888-104-0x0000000000400000-0x0000000000A64000-memory.dmp

Filesize
6.4MB

Download
memory/2888-107-0x0000000075640000-0x00000000756E0000-memory.dmp

Filesize
640KB

Download
memory/2888-109-0x00000000769D0000-0x0000000076A27000-memory.dmp

Filesize
348KB

Download
memory/2888-110-0x0000000074FC0000-0x000000007515E000-memory.dmp

Filesize
1.6MB

Download
memory/2888-113-0x0000000076A30000-0x0000000076B54000-memory.dmp

Filesize
1.1MB

Download
memory/2888-114-0x00000000753A0000-0x00000000755B5000-memory.dmp

Filesize
2.1MB

Download
memory/2888-116-0x0000000074B40000-0x0000000074B4F000-memory.dmp

Filesize
60KB

Download
memory/2888-117-0x0000000074AB0000-0x0000000074B3D000-memory.dmp

Filesize
564KB

Download
memory/2888-118-0x0000000074A60000-0x0000000074A72000-memory.dmp

Filesize
72KB

Download
memory/2888-121-0x0000000074960000-0x0000000074999000-memory.dmp

Filesize
228KB

Download
memory/2888-123-0x0000000076CC0000-0x0000000076E5D000-memory.dmp

Filesize
1.6MB

Download
memory/2888-124-0x0000000076920000-0x0000000076947000-memory.dmp

Filesize
156KB

Download
memory/2888-122-0x0000000074860000-0x0000000074955000-memory.dmp

Filesize
980KB

Download
memory/2888-120-0x0000000074A40000-0x0000000074A53000-memory.dmp

Filesize
76KB

Download
memory/2888-125-0x0000000074700000-0x0000000074725000-memory.dmp

Filesize
148KB

Download
memory/2888-115-0x0000000074B50000-0x0000000074B69000-memory.dmp

Filesize
100KB

Download
memory/2888-112-0x0000000076820000-0x00000000768AF000-memory.dmp

Filesize
572KB

Download
memory/2888-111-0x0000000074F60000-0x0000000074FB1000-memory.dmp

Filesize
324KB

Download
memory/2888-108-0x00000000772D0000-0x000000007734B000-memory.dmp

Filesize
492KB

Download
memory/2888-106-0x0000000076430000-0x00000000764CD000-memory.dmp

Filesize
628KB

Download
memory/2888-60-0x0000000075200000-0x0000000075232000-memory.dmp

Filesize
200KB

Download
memory/2888-59-0x0000000010000000-0x0000000010053000-memory.dmp

Filesize
332KB

Download