3fa6bc041bae173858c268f3f303c56bdca43981898fc5a58f031b87da610bc9

Analysis

max time kernel
165s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2023 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
Size

1.4MB
MD5

61a3f25b8fe6f1b3fe8089269d960365
SHA1

61632d6a08c0df0c62957348503dca05ca543070
SHA256

3fa6bc041bae173858c268f3f303c56bdca43981898fc5a58f031b87da610bc9
SHA512

b5191355b162b98f102f6c84cdb6248fb42f27947aa6fd1f0f89d97a3050f78788ffff6d961e3911a67b8b0c11a292cac71ecc936aa2f8994611d1ec89b3e028
SSDEEP

24576:iXL/uvThLQZQfrA4JHqvyIgYTwiIg11lzF5E6RCgqvdlCW6zTcCkZrSozrSobrSI:iXLQETXmKCgawPzTDk

Score

1^/10

Malware Config

Signatures

Modifies registry class 12 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\HeidiSoftware.HDPlayer.playlist\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe\" \"%1\""	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\HeidiSoftware.HDPlayer.playlist	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\HeidiSoftware.HDPlayer.playlist\ = "Playlist"	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\HeidiSoftware.HDPlayer.playlist\DefaultIcon	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\HeidiSoftware.HDPlayer.playlist\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe,1"	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\HeidiSoftware.HDPlayer.playlist\shell	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\WOW6432Node\CLSID\{FA666AC0-25DF-406b-9CCD-A5113261B30B}\ = 9d89bbb29c86d0aa9db0ccb09ccdbeccce86ccb29d8699b299af94cace86cbca9cbf9daf9db098cc9ccdc89f9d9598cb9d86becf9b96bfabce86cbcb98cd9db39db08ccc9dcd959f9c968ccf9b968ccc9cbf99ae9db3bbd1ce86a79f9d96cbcb9d95c8b39bcc9d9f	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\HeidiSoftware.HDPlayer.playlist\shell\open\command	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\HeidiSoftware.HDPlayer.playlist\shell\open	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\.playlist	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\.playlist\ = "HeidiSoftware.HDPlayer.playlist"	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
Key created	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\WOW6432Node\CLSID\{FA666AC0-25DF-406b-9CCD-A5113261B30B}	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2720	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
2720	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
2720	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
2720	2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe

C:\Users\Admin\AppData\Local\Temp\2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2023-08-25_61a3f25b8fe6f1b3fe8089269d960365_icedid_JC.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2720

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads