Overview

overview

7

Static

static

3

2024-02-12...id.exe

windows7-x64

7

2024-02-12...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    105s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-02-2024 17:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-12_a9820e14c6ee34f91528d212fc017761_icedid.exe

  • Size

    284KB

  • MD5

    a9820e14c6ee34f91528d212fc017761

  • SHA1

    d650db5f781c5e1912ba825f5f3e76b1c38a2219

  • SHA256

    5035868c21ba7907c80da9b0b2040378b0f38fc9147cc7fbcc48971e73a02d90

  • SHA512

    07c294e7eca1103f5490a36eed27600cd7e66ec9e2a4b1e28f1785cbb79fd5d338ca7267f4901a2fc751166b4dcfff065c3b26387cccfa07fe03b4850c59ae12

  • SSDEEP

    6144:klDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:klDx7mlHZo7HoRv177ePH

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_a9820e14c6ee34f91528d212fc017761_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_a9820e14c6ee34f91528d212fc017761_icedid.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3924
    • \??\c:\windows\system\sethome4984.exe
      c:\windows\system\sethome4984.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
    Filesize

    1KB

    MD5

    e62d8348f69bcfa2e7c7daa81d376414

    SHA1

    ee6675371c472f68508321e1753afb62e65357fa

    SHA256

    c0868945edd37f1c0f0b72fad03dc8e8480e768d7f215e18bb09ef07c68c1bdc

    SHA512

    d0b7c93dbfca8e805ab2f9d07c8c41269c1e424fd6facf3aa06a79d93ed3f4044448f2a67d52c6ea4bc8aebd2b5330fb73d99d9678f3fe8af9b64e3832187cab

    Download Submit

  • C:\Users\abc.lnk
    Filesize

    1KB

    MD5

    a619ecceb8a33d8e27ae4de1777e63e6

    SHA1

    04c8d8273845f5ea3f360a94d280f616d95cabf3

    SHA256

    75e3997940ef06ef7199774756d0d2326b30f29c0a433c531f7367954e7dce31

    SHA512

    e73af2f6a6f509766b1cab80ed453c1475e888863328c321d79deaa3605a85f6fdfe8a925603bb799e215ed0c554870ef1ace28fd22defeb82093914f5305723

    Download Submit

  • C:\Windows\System\sethome4984.exe
    Filesize

    169KB

    MD5

    ed346a15af69e2c25a9d3eb00b451d59

    SHA1

    5156306c250e63c2b22bf92515c53059f94d2efa

    SHA256

    b154b04f079a8d310b4bcd5e13edd1d804587ef7f76f23d3fe53b1f00781b1bf

    SHA512

    63a4230f38e250fe42e3d17a95820dd1c72cd32b000a95fa11e5d39da3ded0bfa549c6a9223f432a17281752c8cd91fbb2a133093530b08c1a4ae8d01af6f244

    Download Submit

  • \??\c:\windows\system\sethome4984.exe
    Filesize

    284KB

    MD5

    8dc7349b99516fa250453e804e31b1b4

    SHA1

    3e98a126f39356812abf651350f5651db9a8757d

    SHA256

    7f2c34c2f462fa25d90b7691f21a0f0d63c73f9d106c6e74b237521573a917c5

    SHA512

    3105f3c4ee350e7b74efdd8272d8ff1aa48d93d60d6deb3141cf09e03934266c9709e13ab67ee5857aff0a803328736cab8ba82918d6952b7de4ca13d32ea182

    Download Submit