7fb9ed1e1cedfb1b56150f923d988acfa3343f881e64f6c130d85f2b7739a341

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 01:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-02-12_678fcfaf5f9247c85ae81e34a2663128_icedid.exe
Size

5.0MB
MD5

678fcfaf5f9247c85ae81e34a2663128
SHA1

d0a4cf85ccf832965ba65741e81fc17dd7b4e2ef
SHA256

7fb9ed1e1cedfb1b56150f923d988acfa3343f881e64f6c130d85f2b7739a341
SHA512

ef845215334ec800cf3384875a1f8ec55a3f3fb5e2821757a6fdb79d20588bcafb4c6bda0391e43bb7a404392b03518eca3ee8e832fa5000b8755397092a6ec1
SSDEEP

98304:02yTIwCinaJIWLWiRlWgWsZuJn7DH0r1lBl5SbWf+YFCf:KftiRlWrJJvH0rnBlQaf+Hf

Score

9^/10

upx

Malware Config

Signatures

Detects executables packed with VMProtect. 4 IoCs

resource	yara_rule
behavioral2/memory/1148-49-0x00000000029B0000-0x0000000002B28000-memory.dmp	INDICATOR_EXE_Packed_VMProtect
behavioral2/memory/1148-80-0x00000000029B0000-0x0000000002B28000-memory.dmp	INDICATOR_EXE_Packed_VMProtect
behavioral2/memory/1148-82-0x00000000029B0000-0x0000000002B28000-memory.dmp	INDICATOR_EXE_Packed_VMProtect
behavioral2/memory/1148-84-0x00000000029B0000-0x0000000002B28000-memory.dmp	INDICATOR_EXE_Packed_VMProtect

UPX dump on OEP (original entry point) 29 IoCs

resource	yara_rule
behavioral2/memory/1148-1-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-0-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-2-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-3-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-6-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-8-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-10-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-12-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-14-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-19-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-17-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-23-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-21-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-25-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-27-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-29-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-31-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-33-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-36-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-38-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-40-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-42-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-44-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-47-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/memory/1148-48-0x0000000010000000-0x000000001003E000-memory.dmp	UPX
behavioral2/files/0x000600000002323b-71.dat	UPX
behavioral2/memory/1148-78-0x00000000035C0000-0x0000000003736000-memory.dmp	UPX
behavioral2/memory/1148-81-0x00000000035C0000-0x0000000003736000-memory.dmp	UPX
behavioral2/memory/1148-91-0x0000000010000000-0x000000001003E000-memory.dmp	UPX

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000600000002323b-71.dat	acprotect

Loads dropped DLL 4 IoCs

pid	Process
1148	2024-02-12_678fcfaf5f9247c85ae81e34a2663128_icedid.exe
1148	2024-02-12_678fcfaf5f9247c85ae81e34a2663128_icedid.exe
1148	2024-02-12_678fcfaf5f9247c85ae81e34a2663128_icedid.exe
1148	2024-02-12_678fcfaf5f9247c85ae81e34a2663128_icedid.exe

UPX packed file 29 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1148-1-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-0-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-2-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-3-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-6-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-8-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-10-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-12-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-14-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-19-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-17-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-23-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-21-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-25-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-27-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-29-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-31-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-33-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-36-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-38-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-40-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-42-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-44-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-47-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1148-48-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/files/0x000600000002323b-71.dat	upx
behavioral2/memory/1148-78-0x00000000035C0000-0x0000000003736000-memory.dmp	upx
behavioral2/memory/1148-81-0x00000000035C0000-0x0000000003736000-memory.dmp	upx
behavioral2/memory/1148-91-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "www.2345.com/?k744606640"	2024-02-12_678fcfaf5f9247c85ae81e34a2663128_icedid.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1148	2024-02-12_678fcfaf5f9247c85ae81e34a2663128_icedid.exe
1148	2024-02-12_678fcfaf5f9247c85ae81e34a2663128_icedid.exe
1148	2024-02-12_678fcfaf5f9247c85ae81e34a2663128_icedid.exe

C:\Users\Admin\AppData\Local\Temp\2024-02-12_678fcfaf5f9247c85ae81e34a2663128_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-12_678fcfaf5f9247c85ae81e34a2663128_icedid.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer start page
- Suspicious use of SetWindowsHookEx
PID:1148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\dm.dll

Filesize
804KB

MD5
c578b6820bda5689940560147c6e5ffc

SHA1
922e50d89c9c44bdc205ef17aa57212b64e58852

SHA256
3b6ddc32b800a18b21a819e842cbfdd57cb065fd92cc69545e0ef29b97cfd389

SHA512
9f2a1bb5788ad245242d12968bbf198af2694a87c6e2342f14672e8c14e8489dd3319434592fc9b20f620557d0fa58482903d19c7f5ba32456a1e4076dc1bb85

Download Submit
C:\dmreg.dll

Filesize
52KB

MD5
fdc8b75a37017141831e3421479307be

SHA1
f6a08cc570d5e5bc4218da376ca353d46d62790d

SHA256
2a37ce301490bd4b7c5d02b768b054705fe4620db6ef81061718c1fe89c9f27e

SHA512
d74e2de28523317c928965affa464cef6ba5c4da9ab05d30a79a4d3bbb59284d68331b5735c705cf73e155cf3a42b01ef5cd7219c72c242eed6b711090066537

Download Submit
memory/1148-40-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-47-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-6-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-8-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-10-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-12-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-14-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-19-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-17-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-23-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-21-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-25-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-27-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-29-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-31-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-33-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-36-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-38-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-1-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-42-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-3-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-48-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-44-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-49-0x00000000029B0000-0x0000000002B28000-memory.dmp

Filesize
1.5MB

Download
memory/1148-55-0x00000000027A0000-0x00000000027C0000-memory.dmp

Filesize
128KB

Download
memory/1148-57-0x00000000028E0000-0x0000000002939000-memory.dmp

Filesize
356KB

Download
memory/1148-2-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-63-0x0000000002980000-0x000000000298F000-memory.dmp

Filesize
60KB

Download
memory/1148-68-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1148-67-0x0000000077A72000-0x0000000077A73000-memory.dmp

Filesize
4KB

Download
memory/1148-69-0x0000000002C30000-0x0000000002C31000-memory.dmp

Filesize
4KB

Download
memory/1148-70-0x0000000002C30000-0x0000000002C6A000-memory.dmp

Filesize
232KB

Download
memory/1148-0-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-75-0x0000000077A73000-0x0000000077A74000-memory.dmp

Filesize
4KB

Download
memory/1148-78-0x00000000035C0000-0x0000000003736000-memory.dmp

Filesize
1.5MB

Download
memory/1148-80-0x00000000029B0000-0x0000000002B28000-memory.dmp

Filesize
1.5MB

Download
memory/1148-81-0x00000000035C0000-0x0000000003736000-memory.dmp

Filesize
1.5MB

Download
memory/1148-82-0x00000000029B0000-0x0000000002B28000-memory.dmp

Filesize
1.5MB

Download
memory/1148-84-0x00000000029B0000-0x0000000002B28000-memory.dmp

Filesize
1.5MB

Download
memory/1148-91-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1148-94-0x0000000002C30000-0x0000000002C31000-memory.dmp

Filesize
4KB

Download