Analysis

  • max time kernel: 119s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 21/02/2024, 20:07

General

  • Target: 2024-02-21_f9a2461635a8c9dd18336c654f046b78_icedid.exe
  • Size: 284KB
  • MD5: f9a2461635a8c9dd18336c654f046b78
  • SHA1: 5c1d3611eb4857b96cce1d1fb848b428e9e474cd
  • SHA256: ac5bfa43c597296edf50645e43a953d09522f1e3aefde76a11482e4ebce18857
  • SHA512: d135cda06779135fc941623bb97a446220f69ed261e6343161164e52e0e5b47df3d962bebfff57df69c86df6a513a85c7a2a3e6e2f0538751a1d3e9fff5f5a9c
  • SSDEEP: 6144:jlDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:jlDx7mlHZo7HoRv177ePH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials, etc.

  • Drops file in Windows directory (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page (1 TTP, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-21_f9a2461635a8c9dd18336c654f046b78_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-21_f9a2461635a8c9dd18336c654f046b78_icedid.exe"
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2112
    • \??\c:\windows\system\sethome581.exe
      c:\windows\system\sethome581.exe
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1596

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\abc.lnk
    Filesize: 965B
    MD5: 470c90674fefd449bbd566dc219bb12c
    SHA1: ed6bf4ba6bd3afc32683ef5834fe337118ab8b3b
    SHA256: 7d86c5c7290730d016b6b196e5ccbe1b93a8839f6f61911345b22c3c0828554e
    SHA512: affb0be3d2422a660d4a6a86e076632df313387ca24c0f0168ea644999e134f440c28b66c3f0b7c6e93f52750c0a86aaeb9d069f2c495cf97cbcd960826f8c5e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Filesize: 1KB
    MD5: 28bc852174635c1177fcb3b49d7d1f16
    SHA1: ad4482730dd2583acac572e02119aa5424c12f17
    SHA256: 20afc74913b099cdf7aab4c2d216134a290e7a65886f9a783f67fae6b929f317
    SHA512: 398f8e4a0643d3d578466a2ffaf5a6c7707cc734dd0819b05b31fcb34d14269cd4cbb758b7e29a99a250bc1b5bf9404df25a0f0bb27e2193c69620c1cee6e12b

  • C:\Users\abc.lnk
    Filesize: 1KB
    MD5: a1dc5e64fd9240773402bf2481e25ccf
    SHA1: da531501f138a8dbf4ffd619508e19ffe517cf7d
    SHA256: 5a2df053995d0ae68a0eab5f99858895a1be291702c817284b954af6f40e040f
    SHA512: 52e55482914b513fc41c198def5444a3eb82b61aac0c167aa58f475bdf122827ea735d50553c0f273bd081cbf52c61d415f95df6bd970f2f8ead0d4e541b80fa

  • \Windows\system\sethome581.exe
    Filesize: 284KB
    MD5: e011c825f0e6ec85fd5f357ad7fbf867
    SHA1: 6b162747f43fe1fd85e536fdbbfc8a74c093bf9c
    SHA256: e42dacae5dc21095f46b1170a4a0297d42eee0b1010cd16b83afbbe5f8e2cace
    SHA512: 0b4aa8cb32f75bace40e57e904b8b35d081881a80c3298d45a697b4308e2371f4f02cd77944dc7b822f35e35495119944ac5913eecc5bcbb6dd0aef88b708ff0