Overview

overview

9

Static

static

3

2024-02-03...id.exe

windows7-x64

9

2024-02-03...id.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 09:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-03_d3d870ed3a50c0830d9b9d8182ec356a_icedid.exe

  • Size

    701KB

  • MD5

    d3d870ed3a50c0830d9b9d8182ec356a

  • SHA1

    795ffbfc04831e0fc71c4d0bf1675fa8b869bae8

  • SHA256

    5ea5dac70707421fbaeb11a21fefc10531bbf14c6a79bc30fdba509ed2325464

  • SHA512

    fb80895d347ac30d8199f08d072e66ebaebfefdc233eef078afb1752878ec2940011120bfa8143ee64fe47663691e3b51ffda6347f866fa9bf6e30394038b8c9

  • SSDEEP

    12288:I7bSAcO9nmofU3f5JblvsXWhW3FPOlNTHlGvYPlP5IzC1fshUQCvLo2k:6HnmlJblvSdFP8THlhqe1kh7

Score
9/10

Malware Config

Signatures

  • Detects executables built or packed with MPress PE compressor 11 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-03_d3d870ed3a50c0830d9b9d8182ec356a_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-03_d3d870ed3a50c0830d9b9d8182ec356a_icedid.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Users\Admin\AppData\Local\Temp\2024-02-03_d3d870ed3a50c0830d9b9d8182ec356a_icedid.exe
      2⤵
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1984
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\735.vbs"
        3⤵
        • Deletes itself
        PID:2748
  • C:\Program Files (x86)\Microsoft SQL Server Compact Edition\fdlaunchersa.exe
    "C:\Program Files (x86)\Microsoft SQL Server Compact Edition\fdlaunchersa.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Program Files (x86)\Microsoft SQL Server Compact Edition\fdlaunchersa.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2100

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\735.vbs
          Filesize

          500B

          MD5

          4b379a14e0319e3ed9e9daa3123e6b23

          SHA1

          bb3516db5dec3b2774b4dff52c10bd2a28bb5597

          SHA256

          86c62c93654c399a7b5ff1cab1c3f4cb278e7ec88b55836176f4211ad4f417ff

          SHA512

          b519816eb36952bce2a117807716d3abddca1f66371b44c2c1cde81c65c2fd2c2be1ce333826aa84d2c0ab4da648936c43b04b28bf235db7cbb6df9ef5c75ec1

          Download Submit

        • C:\Program Files (x86)\Microsoft SQL Server Compact Edition\fdlaunchersa.exe
          Filesize

          1.8MB

          MD5

          66057c46e189c124104d634859bee6c9

          SHA1

          5601b43a5a5f251bb8e9c3b46b76c4f1b742d5e7

          SHA256

          ee84a86b16fcbc2b1abd8c6dc7be509ae5239b8bf9dea590f4c487af3e38f182

          SHA512

          ec415995ae0f1e49a5706f16359fcd0a9f8d546f30905f916f8134db69fe2ee380fd8d38d93c57f2542e0d3f690c2c2e724ebd0de24fef5d0c600405e027af1a

          Download Submit

        • C:\Program Files (x86)\Microsoft SQL Server Compact Edition\fdlaunchersa.exe
          Filesize

          4.3MB

          MD5

          b27b3776734f09104143f0d81ed6ba26

          SHA1

          1ed5c100719bb9483bf68c44ec53068e2c54aa8e

          SHA256

          8dc957b6a3be64a55e5b91fb5cb473c7093a9da4f50c58ec56c527b6432a193c

          SHA512

          d3255399358cd9d1495eba2dfe15784f5e6df06ae12fb63c62e1dea54f990870046c83c8697f4882edfd0ef0afba03fe8b5d1fd115093595ba61a5f0b71f7a0c

          Download Submit

        • C:\Program Files (x86)\Microsoft SQL Server Compact Edition\fdlaunchersa.exe
          Filesize

          6.1MB

          MD5

          d6ded5497134f337a45979041a12e0c8

          SHA1

          9159e8f4872e07df5c482f7f79feb1996fcd58ca

          SHA256

          c3d6c99c2f1d4e289105e9e70a876c16cc01d1f892cbdfa3434379bdd93bc5f5

          SHA512

          68a6fa36ae0ff916f7100c60ee17afdb0485b338039f4df25b5998ca855a603657122b03881041f614fb1c36feb25e45ef25964b31c9a8b254d077b4080d6988

          Download Submit

        • \Program Files (x86)\Microsoft SQL Server Compact Edition\fdlaunchersa.exe
          Filesize

          3.5MB

          MD5

          61386966747a15713ce02adabf90d8d5

          SHA1

          26386f5823e58e0148d0c529ac3298855e624f72

          SHA256

          5a87c8b744fd93fa975b02a956785d9eabaad73efb701931853273910644c1da

          SHA512

          31042cf232df348119107bfd6a8a09292acef21bd3448eb5c698166676bfd58fb8a0ccbbb4ffd685ca67b900231d13154761576b91ab46d0adc542279a3f59d3

          Download Submit

        • \Program Files (x86)\Microsoft SQL Server Compact Edition\fdlaunchersa.exe
          Filesize

          6.0MB

          MD5

          ce4d7e5f5af0242b6b7e159ec0735fc0

          SHA1

          02070734203d24996c2cab1045136be29a029e3d

          SHA256

          ce79f91207f4a05ce5d6d2a7ba64ccbc1e21e3a91274ed7270fe147619b21e2e

          SHA512

          548fbb38a4d819fce279058f343679da45d500803c34a68489c89f99ef75572307ab7fc1bd19ed45fdfef7bc44b2160b80ada87a1b22f0ef9721f86156d73bbd

          Download Submit

        • \Program Files (x86)\Microsoft SQL Server Compact Edition\fdlaunchersa.exe
          Filesize

          9.0MB

          MD5

          515ba17e611ec40949f8f3eee88d0361

          SHA1

          a84cb00c9ed72804ebd19f65dae8d456361cbcef

          SHA256

          e364b7a27bbb0dbb8c55c5ed5de24fa32f4133515e52ee792fae0a04072deeca

          SHA512

          334cd7c6bed349228eb6d161dee2ff24f03d5aa101f52d119d0d9efce2929d4484557bb141255341192bf9135236d78fda3c96fb24d867147fb262e557e81957

          Download Submit

        • memory/1984-36-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/1984-2-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/1984-10-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/1984-9-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/1984-6-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/1984-7-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/1984-0-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1984-4-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/1984-12-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/1984-11-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2100-19-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2100-38-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2100-40-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2100-44-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download