Analysis

  • max time kernel
    156s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/01/2024, 05:59

General

  • Target

    2024-01-09_a3daceeb17d991b35af6bf4e05c0fea4_floxif_icedid.exe

  • Size

    4.6MB

  • MD5

    a3daceeb17d991b35af6bf4e05c0fea4

  • SHA1

    31566131524d5d62a1ffdf5fd01d78649ee02063

  • SHA256

    1fc7c33aa1b292c9e3c662f2a2dd056ab3eb27025251aeb579c8c834c13758ab

  • SHA512

    78b2f2c47f394eed66d543264d38a4331a5f0153b34628bb5c050c9116da16cf36ada3047ef4d6cd72c68d432e418eb08aa22a1a5f19e6837b2ca1948cc1b4f0

  • SSDEEP

    98304:cv2rFj45EgrVFKq2dW+zPh9L3OYHRCu7IoKRo/FpuwdbaMP2yoS:c+r5UrA/dnbOERCWNDsyoS

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-09_a3daceeb17d991b35af6bf4e05c0fea4_floxif_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-09_a3daceeb17d991b35af6bf4e05c0fea4_floxif_icedid.exe"
    • Checks computer location settings
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2228

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Program Files\Common Files\System\symsrv.dll

          Filesize

          67KB

          MD5

          7574cf2c64f35161ab1292e2f532aabf

          SHA1

          14ba3fa927a06224dfe587014299e834def4644f

          SHA256

          de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

          SHA512

          4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

        • memory/2228-3-0x0000000010000000-0x0000000010030000-memory.dmp

          Filesize

          192KB

        • memory/2228-4-0x0000000000400000-0x0000000000898000-memory.dmp

          Filesize

          4.6MB

        • memory/2228-6-0x0000000010000000-0x0000000010030000-memory.dmp

          Filesize

          192KB

        • memory/2228-11-0x0000000010000000-0x0000000010030000-memory.dmp

          Filesize

          192KB

        • memory/2228-12-0x0000000000400000-0x0000000000898000-memory.dmp

          Filesize

          4.6MB

        • memory/2228-13-0x0000000010000000-0x0000000010030000-memory.dmp

          Filesize

          192KB

        • memory/2228-15-0x0000000010000000-0x0000000010030000-memory.dmp

          Filesize

          192KB

        • memory/2228-17-0x0000000000400000-0x0000000000898000-memory.dmp

          Filesize

          4.6MB