Overview

overview

7

Static

static

3

2024-02-21...id.exe

windows7-x64

7

2024-02-21...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-02-2024 23:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-21_d4220b62c97bec88a8e274eba80a7cc3_icedid.exe

  • Size

    284KB

  • MD5

    d4220b62c97bec88a8e274eba80a7cc3

  • SHA1

    2ee3d0adbcd44e4c6d5751077a29652f18e5afe8

  • SHA256

    b3a930b2f540dd4e80af2bbc1f9620ecf06dd5c83201ce9a242776d88588b833

  • SHA512

    54fbb029c791bee66a0d8a69d3c048fa73fa9dac4c167782b467437928bb690b193b085465f20dbab1d47ee247fba643166b4f6ddf26ccfa2c293666e9f67d95

  • SSDEEP

    6144:3lDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:3lDx7mlHZo7HoRv177ePH

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-21_d4220b62c97bec88a8e274eba80a7cc3_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-21_d4220b62c97bec88a8e274eba80a7cc3_icedid.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3880
    • \??\c:\windows\system\sethome4750.exe
      c:\windows\system\sethome4750.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4252

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
    Filesize

    1KB

    MD5

    db184720c3a657dc4d15aeb8225ac76f

    SHA1

    5b2ba3834239504b69c9c89a853154d5695400c9

    SHA256

    23aed695bd2dcba948a549dfab9b8ce1cc913c5a70715cdd41a01a3d0e14f7d7

    SHA512

    dab18640b925f37291f44715af772361691b41fc7c3b054d2edfbbbf494792acf446cd7b6fc5f96816c63a3aaf148ef20780f1acec5a6ac08c2dd215c90fce74

    Download Submit

  • C:\Users\abc.lnk
    Filesize

    1KB

    MD5

    16adad9b179c9075fe0b908e39c1e013

    SHA1

    60fb66de22e229cc3df80c1a29abc3891ed5700b

    SHA256

    ae4305d1d55ef53e4a27f1d5f85f9d865189f095fb395525a071c72ed2feb0fc

    SHA512

    b9f586b9fa6e6e2e6debe83abf3b60c8c5bb56242c22a74cd436dc419f31adcfa9c409ce53ba0ebf5abb251d501faf66958f8697dc472d97f07ed7beb94f25de

    Download Submit

  • \??\c:\windows\system\sethome4750.exe
    Filesize

    284KB

    MD5

    0abb813b9f2d6da68c21fec4359131d3

    SHA1

    65145399a83abdd43f61872cc9c3c22c802383f6

    SHA256

    1c86676bffcbd2b152bdd923d48bf0847d6f4969df864676477397c352b15b5d

    SHA512

    bb87ac643a9ff4b3d39398895260749be5c897e4e6fe83f6215aff3831c22f42c64dc40136c901f69aceb645efa55c08b4e93ba792479fffb3a5257d2f9256d2

    Download Submit