Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-02-2024 17:42

General

  • Target

    2024-02-12_d7554de78f0ab89f10608a30f7bd2e6e_icedid.exe

  • Size

    284KB

  • MD5

    d7554de78f0ab89f10608a30f7bd2e6e

  • SHA1

    719dd3575f1535f18a11aa5836c77e41e5d32c30

  • SHA256

    1b9352c16a98c3dcf715b2eec06fd0320345c73fe00b2f842a9420856ddb31ed

  • SHA512

    9b2b6b4ba640d67093b0d6873c5e4b014c3d3824e963744f8f00e43e1fa0766ba6845eb8eaf822a19087d96fb475b8a5cfb90886a9e32cf6804fb3985a3b4f40

  • SSDEEP

    6144:9lDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:9lDx7mlHZo7HoRv177ePH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies, and browsing history.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_d7554de78f0ab89f10608a30f7bd2e6e_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_d7554de78f0ab89f10608a30f7bd2e6e_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2216
    • \??\c:\windows\system\sethome3607.exe
      c:\windows\system\sethome3607.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:860

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

    Filesize

    1KB

    MD5

    f962863cac8489bf5aa10943ecd0fdac

    SHA1

    252edfc87c2da0a557b08a4a219f18dcee89a8e1

    SHA256

    86e8cc27b632f5adc63699611a7d3b8c88ef98c288b5d08a510caf7f52c89250

    SHA512

    b29b3b835f250675f5b23e3007c38f1176ac24d9b9f7b8f180a45818610533a69329a9cd997d6447b1193b11d680af1a9532d017b4a28904825333b374a29204

  • C:\Users\abc.lnk

    Filesize

    1KB

    MD5

    102f629e4caf8de753ec23af0e040a97

    SHA1

    fa557c3fe9a81ba35900dd21ff3933932da9d0c7

    SHA256

    31c51efb14908e32b73c4a2f97823f4eeb1ca85989c6219856266c401a7f352b

    SHA512

    2e9038eb7ae212d1f3b6a945327740fa2c3195ba36cf2697946e89c6649027f76e1ac134af8fe10a805231865896f0369c9676d04115c477cc2f2e6596f5fd38

  • \Windows\system\sethome3607.exe

    Filesize

    284KB

    MD5

    8ade9479eea589e9f515d9cd25f3cdc6

    SHA1

    f3991bcdbd61fe502f7302df7799cdf3732f3bbd

    SHA256

    d46512488119f40eeafb6fe359749ff077139cb100aaff0d7ff2f1476540b133

    SHA512

    a2cf31e66c2a01d29c29e046e5ff7121ecbae71a30dc58c14b74db072470b8308d7bb55106ee4a21afc37e7627d4ebb0aadfe590931555327bfff2c21eeb1ae2
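One way to turn this report into hunt logic, as an added example that is neither part of the report nor the sandbox's own signature code: the Python below runs rules mirroring the signatures above over constructed Sysmon-style event records modelled on the process tree (the Temp-launched sample, PID 2216, writing and then launching c:\windows\system\sethome3607.exe as PID 860). The dropped copy has the same 284KB size as the submitted sample but different hashes, so a hash-only match on the submitted sample would miss it; the rules therefore key on path and behaviour as well as on the two SHA256 values the report lists. The IE start-page registry location (HKCU\Software\Microsoft\Internet Explorer\Main, value Start Page) is the standard one and is not named by the report; the sample's own parent PID, the extra benign notepad event and the event field names are assumptions.

```python
"""Hunt rules for the behaviour recorded in the report, run over constructed events.

Added example: not code from the report or the sandbox vendor. Event records are
constructed to mirror the report's process tree and dropped-file list.
"""
import re
from collections import defaultdict

# Hashes copied from the report: submitted sample and the dropped copy.
SAMPLE_SHA256 = "1b9352c16a98c3dcf715b2eec06fd0320345c73fe00b2f842a9420856ddb31ed"
DROPPED_SHA256 = "d46512488119f40eeafb6fe359749ff077139cb100aaff0d7ff2f1476540b133"
IOC_HASHES = {SAMPLE_SHA256, DROPPED_SHA256}

# Path patterns derived from the report: parent launched from the user's Temp
# directory, child dropped into the legacy C:\Windows\system directory.
TEMP_DIR = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
WIN_SYSTEM_EXE = re.compile(r"^c:\\windows\\system\\[^\\]+\.exe$", re.I)
SETHOME_NAME = re.compile(r"^sethome\d+\.exe$", re.I)
# Standard IE start-page location (assumption: the report does not name the key).
IE_START_PAGE = (r"hkcu\software\microsoft\internet explorer\main", "start page")

# Constructed events with Sysmon-like fields. ppid 1500 and the notepad event
# are invented; everything else mirrors the report's process tree.
EVENTS = [
    {"kind": "process", "pid": 2216, "ppid": 1500,
     "image": r"C:\Users\Admin\AppData\Local\Temp\2024-02-12_d7554de78f0ab89f10608a30f7bd2e6e_icedid.exe",
     "sha256": SAMPLE_SHA256},
    {"kind": "file", "pid": 2216, "target": r"C:\Windows\system\sethome3607.exe",
     "sha256": DROPPED_SHA256},
    {"kind": "registry", "pid": 2216,
     "key": r"HKCU\Software\Microsoft\Internet Explorer\Main", "value": "Start Page"},
    {"kind": "process", "pid": 860, "ppid": 2216,
     "image": r"c:\windows\system\sethome3607.exe", "sha256": DROPPED_SHA256},
    # Benign noise so the rules have to discriminate.
    {"kind": "process", "pid": 900, "ppid": 1500,
     "image": r"C:\Windows\System32\notepad.exe", "sha256": "00" * 32},
]


def hunt(events):
    """Return de-duplicated (rule, pid) findings; rule names map to the report's signatures."""
    procs = {e["pid"]: e for e in events if e["kind"] == "process"}
    written = defaultdict(set)  # pid -> lower-cased paths it wrote
    for e in events:
        if e["kind"] == "file":
            written[e["pid"]].add(e["target"].lower())

    findings, seen = [], set()

    def add(rule, pid):
        if (rule, pid) not in seen:
            seen.add((rule, pid))
            findings.append((rule, pid))

    for e in events:
        pid = e["pid"]
        if e.get("sha256") in IOC_HASHES:
            add("known_ioc_hash", pid)
        if e["kind"] == "file" and WIN_SYSTEM_EXE.match(e["target"]):
            add("drops_exe_in_windows_dir", pid)
        if e["kind"] == "registry" and (e["key"].lower(), e["value"].lower()) == IE_START_PAGE:
            add("modifies_ie_start_page", pid)
        if e["kind"] == "process":
            image = e["image"]
            parent = procs.get(e["ppid"])
            # "Executes dropped EXE": the parent wrote this image path, then launched it.
            if parent and image.lower() in written[parent["pid"]]:
                add("executes_dropped_exe", pid)
            # Temp-launched parent spawning a child out of C:\Windows\system.
            if parent and TEMP_DIR.match(parent["image"]) and WIN_SYSTEM_EXE.match(image):
                add("temp_parent_spawns_windows_system_child", pid)
            if SETHOME_NAME.match(image.rsplit("\\", 1)[-1]):
                add("sethome_dropper_name", pid)
    return findings


def implicated_pids(events):
    """PIDs that triggered at least one rule, sorted."""
    return sorted({pid for _, pid in hunt(events)})


if __name__ == "__main__":
    for rule, pid in hunt(EVENTS):
        print(f"{rule:45s} pid={pid}")
```

Fed real Sysmon event IDs 1 (process create), 11 (file create) and 13 (registry value set), the same rules apply unchanged; the path-based rules are the ones that survive a re-packed dropper whose hashes no longer match this report.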