Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/02/2024, 12:36 UTC

General

  • Target

    2024-02-18_7f929f3dce90ec658201b61895e72038_icedid.exe

  • Size

    284KB

  • MD5

    7f929f3dce90ec658201b61895e72038

  • SHA1

    dc93134fd36c2499a59bcca2daf7b638d3c3b749

  • SHA256

    66595eae923deb9dc4cd623bd7f35f405b668b5ef7c64d57ad783dbcca20a214

  • SHA512

    e31876bdf998a3f45a65eabe5f3231ad567a4eb0dc089ecd3cdc98df11df22bf33855f463e11dbfa69e02a032b1f3d72964c1bc438482d968f24518d32d1c073

  • SSDEEP

    6144:SlDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:SlDx7mlHZo7HoRv177ePH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-18_7f929f3dce90ec658201b61895e72038_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-18_7f929f3dce90ec658201b61895e72038_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1152
    • \??\c:\windows\system\sethome3591.exe
      c:\windows\system\sethome3591.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2808

Network

  • DNS (remote address country: us)
    1235633.3322.org
    2024-02-18_7f929f3dce90ec658201b61895e72038_icedid.exe
    Remote address:
    8.8.8.8:53
    Request
    1235633.3322.org
    IN A
    Response
    1235633.3322.org
    IN A
    59.42.71.178
  • 59.42.71.178:80
    1235633.3322.org
    2024-02-18_7f929f3dce90ec658201b61895e72038_icedid.exe
    152 B
    3
  • 59.42.71.178:80
    1235633.3322.org
    2024-02-18_7f929f3dce90ec658201b61895e72038_icedid.exe
    152 B
    3
  • 59.42.71.178:80
    1235633.3322.org
    2024-02-18_7f929f3dce90ec658201b61895e72038_icedid.exe
    152 B
    3
  • 59.42.71.178:80
    1235633.3322.org
    2024-02-18_7f929f3dce90ec658201b61895e72038_icedid.exe
    152 B
    3
  • 8.8.8.8:53
    1235633.3322.org
    dns
    2024-02-18_7f929f3dce90ec658201b61895e72038_icedid.exe
    62 B
    78 B
    1
    1

    DNS Request

    1235633.3322.org

    DNS Response

    59.42.71.178

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\abc.lnk

    Filesize

    965B

    MD5

    2583ac58ece26a3e823051196cca472f

    SHA1

    8dd1f653eee66deedbdbb33f07b1282a93735b6c

    SHA256

    68ea95fb45453a51a958fff5fa991895416903e950883746a04fcea169ef12c1

    SHA512

    21a07ba6fe4ca5e4d0ec7b94cbe0f713861eff7a5c02a72af0cc105129aa6812973a50fdb44c48d14792ea287c37628218ba71747e5ce0e68eec8bc852864324

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

    Filesize

    1KB

    MD5

    d08bde17f00d7174861a08246edcdc14

    SHA1

    be4bfd8d6e61179c3c540a8817bb75d43614a1d9

    SHA256

    ffacba6cd77cd2aa4532f23bf25148c4f942a038946293444f28b57abc69113f

    SHA512

    ca2939cb3eff9adae45a63830ef8de1593632e6a1867eaf7ed39e5376c9bb3d8b617ab6de45bb47895b3331f2090ea070618b4d6ca846209e3ad66d11f698fb4

  • C:\Users\abc.lnk

    Filesize

    1KB

    MD5

    a52c727f356575486e4a3d671ee4372f

    SHA1

    a50eb9fef8a8e2089b681851a1fa43c11b614814

    SHA256

    11613024328f8c5455af58096e0323b6bae29932be0b731018a7a7f6ba6f833e

    SHA512

    34a60ebcdaf53c5cfca8e2db9d4a4d5bfcf5ef32175664dba056c8b5c3b0e762795255b125484674e36a3a1a0b9877d4e70cc092edb69603ed86e4fd44edcd40

  • \Windows\system\sethome3591.exe

    Filesize

    284KB

    MD5

    7e7469f85c78f68a1148dc41949ab660

    SHA1

    3fbedef2f8101738838573bed8259f01b470d183

    SHA256

    53492ba0da15914831f06cf0807ef84069b5bde682ff0fe01a4ce2c1f7eb0dce

    SHA512

    b02f1788d4a11b56edcb7556820dc7a884b5a8eeb61336c92752d4f1728743d11edfe283c3f47f3ab14c2a65219f9ce6ec229e90d2f3ab2225adf2929b5e2ff3