90dc55e7e9d9b0cc1ba54490ddc41c7fd6594d983f59924b3f0b25f97330cc3c

Analysis

max time kernel
0s
max time network
0s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-02-2024 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe
Size

11.1MB
MD5

45c519f18865af1f1e976d436b1538df
SHA1

6c47903384e1bd7be1351c607d3b7314b0babc97
SHA256

90dc55e7e9d9b0cc1ba54490ddc41c7fd6594d983f59924b3f0b25f97330cc3c
SHA512

64cbc0ee094f509138cc07cdfabfef4906ba41c2e5222c8c6661985bbd9372fa8453f86a8a90e2f4376b43a4b20ada727c87b7e38724980650df2928890c41e3
SSDEEP

196608:+mY+HbBEK1InkODcwkrvuM+VI0/AsAIGKSjLO729AStq8lQtdwIjzO9o:PBEuInkONAm3F/jsV3XhlwdwMa9o

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2336	autorun.exe

Loads dropped DLL 2 IoCs

pid	Process
2872	2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe
2336	autorun.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2872	2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2336	2872	2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe	28
PID 2872 wrote to memory of 2336	2872	2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe	28
PID 2872 wrote to memory of 2336	2872	2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe	28
PID 2872 wrote to memory of 2336	2872	2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe	28
PID 2872 wrote to memory of 2336	2872	2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe	28
PID 2872 wrote to memory of 2336	2872	2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe	28
PID 2872 wrote to memory of 2336	2872	2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
  "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Spotify Premium Activator.exe

Filesize
685KB

MD5
566787f46f3332e48e6a898db92563d5

SHA1
9a670f19773e8ec0919cc6900ff7273c93b0154d

SHA256
9c0500c3895cc61b423d9f32ac597f46910f3dbf1afa928cd14dd5c60b826a20

SHA512
f991e02d7e056662bfd0af917b65f29dbf3934b827f11f07436c77eeb5054a94ea2fe1cf21415b48d79ae475569bb8469c2f1163a4245b6a0de4bc8c3e767a9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Icons\atom.ico

Filesize
356KB

MD5
815d32c768224bf9e6a83231d5be7152

SHA1
f48c74965413b106093bb23d9dd1b49f8b5da9e5

SHA256
bfad22714d9a1bf2f3cf6d609d94b8f211a4922484b9d35fe6f30cd09540bdda

SHA512
a866be648689f5a2ec065884d5304bcec2a8091b2edc535744a5e14fb7c70577b0d739b58ecc27b30e7127ccb43ddf86e82c5615a3f5ffdcd6bed90333e8d18c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\Fade.tns

Filesize
2KB

MD5
75a270e5ba696738c36ddbacc72fd147

SHA1
0786860d6a55b4f6d025048b1416833fe9804fed

SHA256
263bb7ff4727b588d1b85b234a57dc88e263ceb65f36c3e36078e7411a9f6dd8

SHA512
27b6acda13178f1bf7ec8d9c24693fda4b792e19f6847ea3e7fc3ebf51ced2217151b5f5c09d3d2c2abf6b1b00bfb3b98985ddc1bf2b6285204da21344fb3dc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd

Filesize
1.1MB

MD5
acaedac94625386ebb17da0447588bb0

SHA1
37e44a2dc5742786ce83fc9553fcb11c8670dc94

SHA256
7146f173db17ae49df541e447010ee873f4847db059584f9f03c8862ad0d85b6

SHA512
6e9be410135814a9823c6c9eadb017e4c4a19902844e02ef217f45e5e68e4ff617a612471eaa46d8315378e3e726679c7c34a96a08e60e61e144a625814317e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
4.1MB

MD5
70d326bdcd9fd7c66857329d69a28373

SHA1
b220058475ecd48384739c5cbf41c13a13a1bce0

SHA256
68fc7b5bb122a75cb03f7080d271c40d8c01ac8ca8db537ab8e63aaceed1da43

SHA512
9afb47289d2262b81cb30ddbd6b7935b1359fee55b53e550e505a5e914d1b9846bb5c1dc7fdcb96ae1fb4e3557190999ba6308e56b02242a40fda14b8321a5fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
3.2MB

MD5
0d9d35a14c3ba4003c357eae8b814514

SHA1
e66e15673596e38f9deb9dcc622ed3ed6d551224

SHA256
edcf015b19a8416fcfffbe2471fe0b91d23d72880698cb2e3ae0cb47e8e223db

SHA512
6bdb656ee9d0ff7e0c14ead273fff7f956c5d334c5ba88cb568ff44ac84a550e41d01f0b8d0a92461956c8e279ca27ede1a4a44b6efc12ae69f1804b7809feba

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
2.1MB

MD5
0f7958da83bc2dfe95df7f75197f3307

SHA1
91384d19f5e2bf82ea7a895df417a17a597b7a29

SHA256
f948af177bb24b9953deeac3c48cc227e9569e7a747f63fa7da9b370c34c34a9

SHA512
b684c5210ff85a9157806107615c99da92b946250ad9cc84d31c230d46158539c29b23da0056838c017c772d0d338e6b4985e462d91bf46561ee8b6970f020cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

Filesize
327KB

MD5
50f1d9f2093914c7712068608f3d66f2

SHA1
c38c655526b9ba929f01259cd35abb65744448f0

SHA256
ebeb211dfe4fce993d63206b2e3f284b569274db4730a8ee341ee81eccac9a5f

SHA512
07841d260770288f34b3e6413f6044742d82794d0812d9d58ebb2b881f935ee7661c94acddcf3a25817a98168789de0e0e0a98baaddbac2ec097a3efdd22c9ac

Download Submit
\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
4.8MB

MD5
7b6a5e95073f0774420dd09d8a66306a

SHA1
25ba9c8133c2da0241d43d800397b111f7bb831b

SHA256
ef892f4cb9b79dd76315f0a7cd534af72e9cc2dcd96974429ce46f54a40e51ee

SHA512
a52028184cbad10b8a3112623f90b89dc67042a66bc6d6b5ccd4ebb4968be8d7a8900ea145ba4f905b56bf27d35f3f3f202e0e6e79b8d749a65196076edb2017

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads