Analysis

  • max time kernel
    139s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-10-2023 21:06

General

  • Target

    2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe

  • Size

    5.7MB

  • MD5

    b4d60e232e88562c47f22b2bc6eab0ce

  • SHA1

    5d2162186797c8f7252efafc55358e792f43da7c

  • SHA256

    2dd25d5938d21bd563aebf83ff632dff552d1cf52144b0fb429789a238be13a6

  • SHA512

    538c3a03ed18c1bed96616538d24ca4275c556c9f1961d28ecf0aa8a26904ec541fbf16dc82d654a39b7e86860184a73cfbcfca2f1ba204aeecf2d95feb019f7

  • SSDEEP

    98304:LmY+mX4/pCCPAPl/95PZZ1hKo8RtrbqaADhu/9KuhMuQEARhlmjgp0L5341Lz:LmY+BpCmAPl/95PDnKo8O1u/9lQd5mUT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3756
    • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
      "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4552
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4c4 0x364
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4808

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Audio\High1.ogg

    Filesize

    3KB

    MD5

    fc2a595f574b1ead82a6dcf06492c985

    SHA1

    400626784368fb9825a954ab8e14238054a277d1

    SHA256

    ee9a4903a8df90eff4c5b65a8073e564a3581cf73772a72eb82396e69932e769

    SHA512

    06506e70170a85a2d697550bfb555a19e210e93b972a38a482448cf8eca335605583d04f74f5fdd2911203c58aaca2f55b946c2dfe754ecf17c6b1763b7e37db

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\10BEIN BY ENDRIT.btn

    Filesize

    3KB

    MD5

    df1b68ef90837308d27886f9e9617db6

    SHA1

    76b653f6f2407b050aa08d42c820d32f4f24d149

    SHA256

    e6eb502b37b60af89a49bb84b4a12e45eeaff14a8155e802facc62eedd475577

    SHA512

    7d00760177ef87bdbfded82e6cabdce929adaad7c1ac45973369fa128d7d7824c290527eb430da1adbda57f4ffc8c3f64bdd6d920a56dbd878324d7e94df02ad

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\11BEIN BY ENDRIT.btn

    Filesize

    2KB

    MD5

    a540c1b8b09a5f91e6a3a96a19d2c27c

    SHA1

    7ac0279687fa29c088f2e7d17323948bd0314404

    SHA256

    745a78107cd304210698839c2fb89584411a15a37be82cce91388d2feed5e0f2

    SHA512

    a93753fbebf987f5c02d4e94b0e2e4228dcbe606726016e507c22f601feb5b9ba8b2b5e64b7ba98c4b35d23509d7b4cbe271ecadbb62cf3a3976c77f291f117d

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\12BEIN BY ENDRIT.btn

    Filesize

    3KB

    MD5

    65c6d8dd66614dfc16495e10f92e82b1

    SHA1

    6fe6a88f4bad3c14ce17554ef36077015a0a084d

    SHA256

    cf3fd0a271e47a0c64f5e3e143362774a37feaade9f0c9e783735e32499e82c2

    SHA512

    5def90745d5e4edd1e22305eafea1d642b6e52c4baeedfdbf3544c02fc4310b5aa40bfedb15f09880e94d0143087d09fdfa9810ae6f409ad0b907fca94317ac0

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\13BEIN BY ENDRIT.btn

    Filesize

    3KB

    MD5

    e0112c820d043dc9072454a882e5493a

    SHA1

    452fb64884e2f2b6142b91622d8d34a1f9f459d8

    SHA256

    b1c9b716c3c836fad174d2e224a622b16fa502e492a5626fe5d7035627d40415

    SHA512

    010bb268c1777e926aec8191eab0f687ac13670ec48d9ebf7d4ff6f446e0041f43f39051d31643296fd7795222fdce3c20d333c2562fc4769bfb4d9ac8918c41

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\14BEIN BY ENDRIT.btn

    Filesize

    3KB

    MD5

    e7a36d791f45b7e7087f39bbc95ddcb3

    SHA1

    4047f9adb4ee95a093bf73d0662ebb66fb230174

    SHA256

    a8aa185db23564a8f250bdc211f7de10d0ee07d5e1fff0d113f96d7891809105

    SHA512

    e48a2451616eafa81e598122e1e583239f3bfaecef56e3ec41fc02f03d52bc4e36e50b9fb0b4aafd112a64a8bdbfd6baf5c2f914dc376935715f6df728125df1

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\15BEIN BY ENDRIT.btn

    Filesize

    3KB

    MD5

    016940b099a6319b6eaa1465038d9476

    SHA1

    e7aa3ee7feffa626586ebfceb3188c2fa65a25c3

    SHA256

    42cbf0f51ee1a2ccbb9937cb02cf83afb40fdf6ef5d904ef4b8ad8e45e42257e

    SHA512

    a3fc13941986b4bbc89b75d780ed21c5f0ecdcf84ae7bb9e0aa2310515ccf5b7931f0c9104ef2e5d56d6c2f1adff634b9ea86848627703462179325c9200e008

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\1BEIN BY ENDRIT.btn

    Filesize

    3KB

    MD5

    9cdf56ddd20001ed36c86d17baa3e6a6

    SHA1

    b63675fc91364471446f39d553bc988e9e194e7d

    SHA256

    d3f72815661bfbba7961ed563c973b7bcc05b3b8a3a26869bc42b904b47348af

    SHA512

    0ef093006f87a2e53f13dc66030fe44091574e4066a9eb2cbf97d381bd219b3101170cc9735209f4220eb160835aa5f9368e1dbe080c6bdc6c2d1162416ea678

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\2BEIN BY ENDRIT.btn

    Filesize

    3KB

    MD5

    bb248f782256dc7732c4d9555892ff21

    SHA1

    115f8ffa1799c433d3f37a0c3e7e93a385a5f680

    SHA256

    681a85841b1d7789fc8542d7fbc28e93606bc05210e8699df5fc535ad5449c7e

    SHA512

    003e49d5d174cd4977435ff3beafa50c1e610562b8460a6775078fb85c6c0b4e59b4a3e6a49eb5d09069810cb2fe58011266361158f1202f2011bd0b945f68d6

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\3BEIN BY ENDRIT.btn

    Filesize

    3KB

    MD5

    063316198fa766ed96d65f14a6270c16

    SHA1

    13e058b83a134f9162d1cb9aed1a3cb2d57b2018

    SHA256

    b8b6cea0f0e6f9ea075ba275bd29ce90d4eb46af69f290a21258a9f5a46fab77

    SHA512

    7e2727d49126647d50abef5c2e6fb0ca725288d0ee95873cb1d2485f780c17e626a9fe43642950c892ff3ccb7d63012037b837dbec14ad08e1ec64b4183be893

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\4BEIN BY ENDRIT.btn

    Filesize

    3KB

    MD5

    c10a7db75e558dedfd51ca3b0ec097f2

    SHA1

    1716166d3f3e3b225a5c76e43c90a8f9c3a54603

    SHA256

    295465eff2ffbc19c012bd67508d1b5776e7eb89768833d8b209d3a14b2894b6

    SHA512

    3470d69baf8e3f689a16f188f126aa038041e22841ddc145fcbe1eac2ce2ee07bc11a6565b0fb6e13df83f3a28f047f1c03c8c71af4f818e92d26a8b4c719d04

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\5BEIN BY ENDRIT.btn

    Filesize

    3KB

    MD5

    c1b02a258fa27caeb541243fdb49018e

    SHA1

    7ef0264f44d0c4b3404c8ee713e84004ec910f46

    SHA256

    80c3daa08e45122ff73d09bf8e2f6f2d91281dea546ab48311c4d22f92490922

    SHA512

    e9b91e7ae49543760bd919eda6b09846377cf6141e00f937753f7863060402cfe622d70b45a3f0c02af9d4ace16c94f5eb79c60ed511451f7f5528e829e18215

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\6BEIN BY ENDRIT.btn

    Filesize

    3KB

    MD5

    4cbf77b4c416a5e40d03d42c6876c682

    SHA1

    2a2bab4b9afb4bf9aa40a2df0d7ddbbd826b7d8d

    SHA256

    f087413ce7058c78ae36a6aa94be594527ef5786a09027e3f5496704c8a4aaaf

    SHA512

    f8181dd8fda8d55c9f374e66599688523e5d7fd18a5657651dd443e886d99123fe585292c03369e837b38520ad37e096402b2441839851e72c25f29371ff2865

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\7BEIN BY ENDRIT.btn

    Filesize

    3KB

    MD5

    3f9bee51fb2251fae11c9ab4002e83e7

    SHA1

    ca3aa3bb5ac7289ec4ae989d9a84914c53b9902b

    SHA256

    4e7590265eb5da45b52a31f1dfbf2632ea78788fc8dd74990498aa763511cb05

    SHA512

    93da97a129975534436e0b3c185d1d6910d9056ca07ec59bdf3599a0243eff2019a1cc9a1dacec5c1716f33ba7558772addc62c15561feb783724e26bb58c14c

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\8BEIN BY ENDRIT.btn

    Filesize

    3KB

    MD5

    0c2ab34766cfa0ed06c5a91bca255f08

    SHA1

    f5c851caff1c862f4b42d3c1b26a610ab05caf53

    SHA256

    976779070aafdc2a0b5fc305f0da9f7b5c45bd94af225fa04f7d474f34a3d7fc

    SHA512

    9ffb8093f230048dac90d56b14ab130f11ceded33d07f27be0933fb5c927be1b0691756ed628ce5ea0b1af3449bcc89a05c82d6d82d871b42292839a466a47e1

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\9BEIN BY ENDRIT.btn

    Filesize

    3KB

    MD5

    d88404619fe107e8e83c26ebbac0703b

    SHA1

    b61b33c636f99c5b5b9148b81f37a7a8361e86fa

    SHA256

    8f7fd408b750f55ea1f60c60e00a688456d36689c4f3575bb51121c8933ad547

    SHA512

    099ee417f69bc0b6f5cd8652a0d97cfbe4bb6848ae068b89c3304de63d43ecc7285c3e78c187d5c64620255aa6900d030e631f9340b8d59d194a68bd6fb74bc9

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\1009867_229377697251417_829352082_n.png

    Filesize

    39KB

    MD5

    cc9e11fcdf4ee9428a6ec0dc4239916a

    SHA1

    b83a43fbc3b6833fb94be5f77bbbe7b2374641a6

    SHA256

    729006687940d1e9a373ee479b036a28e39e57d302fc934453c59b0b9e6d04ad

    SHA512

    678a819731df71572f8376d4804eb19ec0d8ad570f9506ccad7114e0630383e7d069d016ab10d14d5a0fa85cefc1ba0e4568f7f3f6d05b2cea40e2dc9cbd3fcf

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Facebook_Logo.png

    Filesize

    5KB

    MD5

    9c7e3249e30a11c75ab58a2ae1c36454

    SHA1

    41166b3c24c7b8bde1aebebde8364fae88a9e5a2

    SHA256

    6d0e6e917ab8c7f8c1ad2441ceca80c6b539a466ec517681eda39eabd25f780d

    SHA512

    e1b511d8890ea7ca806d8248f54c13d03a3b71aab1a9f51478fd7ac624e1b23bf7ea707709956a6bde5e0933fce9470a968b135838bd8e25ca4e9e14a6c63344

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Screenshot_1.png

    Filesize

    209KB

    MD5

    0087c8ede8219a87adbe54865c7a92ac

    SHA1

    d3b7888cb3213087aeaab3d0a50b80ee5f8d7a9b

    SHA256

    e83477d5cb0e28f749e58ba90fd6ecb56c122862662db1f5ecf64265bc3ced75

    SHA512

    4a2300b8a80a614e634d1ee0a30d59d0b9e18dd4d11658b14368733785fdd54ebb2e41af740a76061c0c765f6224bca7800398b90786760b8023eb396ee0d28e

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd

    Filesize

    595KB

    MD5

    73239d2cebe4139c0e064e10c1ca8992

    SHA1

    e0a4fc50f715e57120427c07e48e664aace661e0

    SHA256

    8a939fb2e8526fffffbe30164d384da5ea479532b11bb2060e550f9f4551cfe7

    SHA512

    0561186d8f8776dd9ecad91d94bf081bc2dab0c6d897dd015a85ddc4db01d0db90bec5d15c32011274e669f4bf4750df61bdd037fd559ad0e4f96996f2203cc4

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\BEINSPRT.ico

    Filesize

    361KB

    MD5

    78ffe53367af2bce8b36ddc6a35d6c1f

    SHA1

    aa47dd48c70f35297dbe0836a4cb02df999f190a

    SHA256

    0416e5934bec379de11dd45a13f89e5b53a351d3e7cb5b7c1a017975d2799035

    SHA512

    2dcfe1e1661a36014637b97a68bd4b16b9fff1b759dd386bffcf747c5f9aab0d42cc8282fd3cf9e57034266242d7ec52085e906e66a446f3c9b35c5aa2a18f23

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

    Filesize

    6.9MB

    MD5

    e87dfe75e421f06d1476b484065ff3ea

    SHA1

    32f9d370b949d9471ef97627f4b4402c4bbf95f4

    SHA256

    e06f9e98bd1042c3772bf16c3c29b23a9ed542b81e7675ba0956ff80bbc9bcb1

    SHA512

    2dedf8a5a68799e1b6a868cba32f32e8fd2ed29b50b6c46a5273db8dc43436e4b597464f6fbbe51d3794360c13505ceecfe8483710cf6a33d215f9ea4fe1d229

  • C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

    Filesize

    320KB

    MD5

    c9e58d1d66271921c21366023b8ed94f

    SHA1

    5d7591ef49f0f1b6bbfa40ed6ec00c1e70deda61

    SHA256

    841732bb7e629d67e99505722200645771b7cb61c266c15356f0babdadac40c8

    SHA512

    21710a057931007bb92441445f2b99012b1ac2da873a4391b088e28fa8dcd8951474a257ccd50ae596ad57a16e1078808986b0b2290bd42943cc38e4d0e45f94