Overview

overview

9

Static

static

3

2024-02-12...id.exe

windows7-x64

7

2024-02-12...id.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12-02-2024 20:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-12_d650c129e76087f6e9d88b94e0c6bd4f_icedid.exe

  • Size

    712KB

  • MD5

    d650c129e76087f6e9d88b94e0c6bd4f

  • SHA1

    2dcc4d01f807f43102a71f0c3a1271b671772fea

  • SHA256

    b552b7b3d0945bd2ee045ee5cfdd16bf7fe4afb275649adb092700e39baeb2d0

  • SHA512

    893db9258b6aa680d7bd76e9cc7d9e1bfd529d65a513af53766a8fcb0a2f7831cba63bdab16f615be9ca15895ba48c04985db643e28fd801c264551e4baa566b

  • SSDEEP

    12288:JOiN7MvENaFrB3tCexKQbLAgB6uE9TSbwbZOSsDLMg2JtYGDf:JJGHdfxKQlBTE9TSb2ULMJtYGT

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_d650c129e76087f6e9d88b94e0c6bd4f_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_d650c129e76087f6e9d88b94e0c6bd4f_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Users\Admin\AppData\Local\Temp\8759.tmp
      C:\Users\Admin\AppData\Local\Temp\8759.tmp
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      PID:2996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AdobeARM.log
    Filesize

    148B

    MD5

    674df80623631df510e18674e15bd057

    SHA1

    7e12a50332bc4886df43953de6d60e7cc5e86740

    SHA256

    4268f759b70b4596d96a525047726797535b3a8098e01c389f6cd1a7ea998883

    SHA512

    e9f3f981f04f6f6a9f0869de97c96915848b188cd8393eee5b1b1f207a9be36f607ae1c52fee8cdefe2a1ae7d28a03b502901eaff0ef47dbd9d7ce2719512d50

    Download Submit

  • \Users\Admin\AppData\Local\Temp\8759.tmp
    Filesize

    145KB

    MD5

    c610e7ccd6859872c585b2a85d7dc992

    SHA1

    362b3d4b72e3add687c209c79b500b7c6a246d46

    SHA256

    14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

    SHA512

    8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

    Download Submit

  • memory/1708-1-0x0000000000300000-0x000000000034D000-memory.dmp

    Filesize

    308KB

    Download