Overview

overview

7

Static

static

3

2024-02-20...id.exe

windows7-x64

7

2024-02-20...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    20/02/2024, 05:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-20_da3e62a7f46018ec2a74861610c203f9_icedid.exe

  • Size

    1.0MB

  • MD5

    da3e62a7f46018ec2a74861610c203f9

  • SHA1

    34513284a4482f230900228f4a518471c15841fa

  • SHA256

    5545f73824ab230e436f4dcb4d27e0dc40d7ae29909c278e2f4193229144276d

  • SHA512

    c09c70266a737e247f8a8292ce9286059649b2ca1371b27f85bdbc239cacccef29edb4424017ae44a36888165bb7a935334adc7d886abaf6b899831ba59175b6

  • SSDEEP

    3072:mFsXHG0B7W4SvoTcM/lC9hFi1G9CzniX1g/lCIwleM2zQ7T5D/WRYEX+Rot:VHG0BCwbgLF4GCniX2lK28FVs

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 4 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-20_da3e62a7f46018ec2a74861610c203f9_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-20_da3e62a7f46018ec2a74861610c203f9_icedid.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Windows\sysmgr.exe
      "C:\Windows\sysmgr.exe"
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in Program Files directory
      • Drops file in Windows directory
      PID:2916

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\svc.dat
    Filesize

    2KB

    MD5

    66a5a27a0a43900152393c4f9bd7d6c0

    SHA1

    24d7cd7637156f492493e339e21b31395e24f446

    SHA256

    bb2c25ee4d1838a254ecbba60ac254a2e62a886d2071cae3d662a2329f6cfa16

    SHA512

    45b80680bc98183a8e084395c7e3b7665fb0e1f6c8de86f26047814d0cfbb2e7a2b0b3a5c38aeebf87b6eff335bc206005981ccd1d11fc7110e818e9680eaf79

    Download Submit

  • C:\Windows\sysmgr.exe
    Filesize

    36KB

    MD5

    2373dfbdba70b54164d4fe163f7f59f1

    SHA1

    fbc51778f9e4868ddce4763d0bef4cb48090e3f6

    SHA256

    e506e529d2d1d80ba433d4dec9fcbf07506112c8d0a130bed322f03346640456

    SHA512

    32e48c596def05ddd1c987ae54cb069f750e0e4a993aa9f5c1d69e11c49ca90f6d324dfb4fa7c29c7d642eb2d939b2efe9332e0f4f4cbc5a0b2893adbf8598ec

    Download Submit

  • memory/2336-0-0x0000000000400000-0x0000000000507000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2336-11-0x0000000000400000-0x0000000000507000-memory.dmp

    Filesize

    1.0MB

    Download