Overview

overview

7

Static

static

3

2024-02-18...id.exe

windows7-x64

7

2024-02-18...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/02/2024, 12:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-18_7f929f3dce90ec658201b61895e72038_icedid.exe

  • Size

    284KB

  • MD5

    7f929f3dce90ec658201b61895e72038

  • SHA1

    dc93134fd36c2499a59bcca2daf7b638d3c3b749

  • SHA256

    66595eae923deb9dc4cd623bd7f35f405b668b5ef7c64d57ad783dbcca20a214

  • SHA512

    e31876bdf998a3f45a65eabe5f3231ad567a4eb0dc089ecd3cdc98df11df22bf33855f463e11dbfa69e02a032b1f3d72964c1bc438482d968f24518d32d1c073

  • SSDEEP

    6144:SlDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:SlDx7mlHZo7HoRv177ePH

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-18_7f929f3dce90ec658201b61895e72038_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-18_7f929f3dce90ec658201b61895e72038_icedid.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3268
    • \??\c:\windows\system\sethome7937.exe
      c:\windows\system\sethome7937.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4212

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
          Filesize

          1KB

          MD5

          a619ecceb8a33d8e27ae4de1777e63e6

          SHA1

          04c8d8273845f5ea3f360a94d280f616d95cabf3

          SHA256

          75e3997940ef06ef7199774756d0d2326b30f29c0a433c531f7367954e7dce31

          SHA512

          e73af2f6a6f509766b1cab80ed453c1475e888863328c321d79deaa3605a85f6fdfe8a925603bb799e215ed0c554870ef1ace28fd22defeb82093914f5305723

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
          Filesize

          1KB

          MD5

          e62d8348f69bcfa2e7c7daa81d376414

          SHA1

          ee6675371c472f68508321e1753afb62e65357fa

          SHA256

          c0868945edd37f1c0f0b72fad03dc8e8480e768d7f215e18bb09ef07c68c1bdc

          SHA512

          d0b7c93dbfca8e805ab2f9d07c8c41269c1e424fd6facf3aa06a79d93ed3f4044448f2a67d52c6ea4bc8aebd2b5330fb73d99d9678f3fe8af9b64e3832187cab

          Download Submit

        • C:\Windows\System\sethome7937.exe
          Filesize

          284KB

          MD5

          a88b43c8e377890459aabe8af33927af

          SHA1

          5a7e063ceeb54fee1212752da27bac5bdfb41747

          SHA256

          3c3a68aae071cd63679d277482d031d2ff6f76687072225aa678564605682917

          SHA512

          2ccea46d37aeff023a5c11d6495a321c62587781a560f3901cf40e47f4a8e9585586f78ab223c32e1bed06c400f3817e6ec02c00cf37413b81be31a9eb5df4fb

          Download Submit