Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-02-2024 17:46

General

  • Target

    2024-02-12_a9820e14c6ee34f91528d212fc017761_icedid.exe

  • Size

    284KB

  • MD5

    a9820e14c6ee34f91528d212fc017761

  • SHA1

    d650db5f781c5e1912ba825f5f3e76b1c38a2219

  • SHA256

    5035868c21ba7907c80da9b0b2040378b0f38fc9147cc7fbcc48971e73a02d90

  • SHA512

    07c294e7eca1103f5490a36eed27600cd7e66ec9e2a4b1e28f1785cbb79fd5d338ca7267f4901a2fc751166b4dcfff065c3b26387cccfa07fe03b4850c59ae12

  • SSDEEP

    6144:klDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:klDx7mlHZo7HoRv177ePH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials, etc.

  • Drops file in Windows directory (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page (1 TTP, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_a9820e14c6ee34f91528d212fc017761_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_a9820e14c6ee34f91528d212fc017761_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2240
    • \??\c:\windows\system\sethome1875.exe
      c:\windows\system\sethome1875.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2808

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\abc.lnk

    Filesize

    965B

    MD5

    c5ef8bbe857325d43faaac3bac5457b0

    SHA1

    36b43f42d50b17f3ce5631980f1b6ca1c910b7c0

    SHA256

    2fa50d76f0239f04fb74f5b6f0f81dc4670ec28545224bb2a9bc69d08ae65ede

    SHA512

    d6a90a1733ba27c213b3bb2000e18a275a10c83f4f1d6cfd3e4e8d6b8417c175589ca32896060f868fa013df928e9a7e75b94b0ce8986c1a8d3a72a5f463fe9d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

    Filesize

    1KB

    MD5

    ec1e0992615d27af9d52c03dfc63cbb2

    SHA1

    ab266de1a3cd14851f2eb1095864b4c431e78b7d

    SHA256

    7d38c5c42f47cf31a22c02241d0b21a4587a497fde57c573b6890b353a84af14

    SHA512

    66a01ae6dc5c3361bb946d0bcb138e3932aa9422d7e7c8fdf3234e64c8a40ef2a7da3ac5d80b94df096f368e339ab91d53befce0b8230c044ac16c67187bde2d

  • C:\Users\abc.lnk

    Filesize

    1KB

    MD5

    c61bad82010a1fe67bee2ec6f21d0820

    SHA1

    0904203bd633fc58c5afafc091b8994b5154bc50

    SHA256

    85832609a1c5b393ab7bb39829e55d06b7da42c3c82b1aa377c28319bf4ebb82

    SHA512

    0da2d2ba83c09d2db00a0b443c9f4c5fabdbb4cd1949ca926d21483eda891dca426eb685f709321f21e64c6067ed827cc0c190744d7d5140412f0c870c2257ad

  • \Windows\system\sethome1875.exe

    Filesize

    284KB

    MD5

    28d4937426884f0380f1bc30852720b3

    SHA1

    c12db0da67438fcea6fe357d1d2876b5b8805794

    SHA256

    7ff2397655e3920869ceab2ea78556c9d5a59613434b30d9aa1577f6b4a65002

    SHA512

    291c5848cd5b83dc7b8cf8201af8cf25ba62174f649d5b376402acda6018e2500c5cdab4c532544b7f1ae612d3b4cec838dd3bdf789917ce9465ffc777c2883f