e51be4953f1a267a6d0899da030ddadcf64780c032a04f0cb9350093cf6e3f2e

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 23:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
Size

12.0MB
MD5

131e1aeab51d6e92945c8244e53904fe
SHA1

b1e1aa13306d3ec82919b9503201388cb1ad54c2
SHA256

e51be4953f1a267a6d0899da030ddadcf64780c032a04f0cb9350093cf6e3f2e
SHA512

f4d0d517e9481a032694f1938bce642974ed7a6dc1552d45f4114f1635683f17c5b004c67320014d1f6a4405bb65d6fc7373165fcc66e42fc481bb70eec2e8f6
SSDEEP

196608:WO28EZHKVrsEyi80+gmxgMK4Hi0aru8pY/7ZBPVKpKevWpO:A8ESp0gqK70aK//N92KeOQ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3044	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\L:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\U:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\X:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\O:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\P:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\B:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\G:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\J:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\M:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\N:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\E:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\R:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\W:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\T:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\V:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\Y:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\A:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\H:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\K:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\Q:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\S:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
File opened (read-only)	\??\Z:	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3044	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3044	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
3044	NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-06_131e1aeab51d6e92945c8244e53904fe_icedid_magniber_JC.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\E2EECore.3.3.9.dll

Filesize
10.6MB

MD5
50c266e46ccf9bc8956279f78d51f205

SHA1
0ba5b98a91a9a019cd9b87cf01796c65ee6a0839

SHA256
c58e066a293ff260037487d37e37bf3d890c16383d817c7573dab51c514cbd00

SHA512
7350a82820faeba3172fad3d87b04c6a2967b797a321a78a53e7156c37fed4661a66d2f78e2f3ddbcbc0d10a56f5d761f7eb761f05d2841568b34841c17e0d37

Download Submit
memory/3044-0-0x0000000010000000-0x0000000010116000-memory.dmp

Filesize
1.1MB

Download
memory/3044-9-0x0000000003940000-0x0000000003941000-memory.dmp

Filesize
4KB

Download