Analysis

max time kernel: 139s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-10-2023 21:06
Static task: static1

Behavioral task: behavioral1
Sample: 2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe
Resource: win10v2004-20230915-en
General

Target: 2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe
Size: 5.7MB
MD5: b4d60e232e88562c47f22b2bc6eab0ce
SHA1: 5d2162186797c8f7252efafc55358e792f43da7c
SHA256: 2dd25d5938d21bd563aebf83ff632dff552d1cf52144b0fb429789a238be13a6
SHA512: 538c3a03ed18c1bed96616538d24ca4275c556c9f1961d28ecf0aa8a26904ec541fbf16dc82d654a39b7e86860184a73cfbcfca2f1ba204aeecf2d95feb019f7
SSDEEP: 98304:LmY+mX4/pCCPAPl/95PZZ1hKo8RtrbqaADhu/9KuhMuQEARhlmjgp0L5341Lz:LmY+BpCmAPl/95PDnKo8O1u/9lQd5mUT
Malware Config

Signatures

Executes dropped EXE (1 IoC)
    PID 4552  autorun.exe

Loads dropped DLL (1 IoC)
    PID 4552  autorun.exe

Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
    PID 4552  autorun.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
    Token: 33                          PID 4808  AUDIODG.EXE
    Token: SeIncBasePriorityPrivilege  PID 4808  AUDIODG.EXE

Suspicious use of SetWindowsHookEx (4 IoCs)
    PID 3756  2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe
    PID 3756  2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe
    PID 4552  autorun.exe
    PID 4552  autorun.exe

Suspicious use of WriteProcessMemory (3 IoCs)
    PID 3756 (2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe) wrote to memory of PID 4552, procid_target 85
    PID 3756 (2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe) wrote to memory of PID 4552, procid_target 85
    PID 3756 (2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe) wrote to memory of PID 4552, procid_target 85
Processes

C:\Users\Admin\AppData\Local\Temp\2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe"
    PID: 3756
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe  (child of PID 3756)
        Command line: "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\2023-08-25_b4d60e232e88562c47f22b2bc6eab0ce_icedid_JC.exe"
        PID: 4552
        - Executes dropped EXE
        - Loads dropped DLL
        - Suspicious behavior: GetForegroundWindowSpam
        - Suspicious use of SetWindowsHookEx

C:\Windows\system32\AUDIODG.EXE
    Command line: C:\Windows\system32\AUDIODG.EXE 0x4c4 0x364
    PID: 4808
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads