90dc55e7e9d9b0cc1ba54490ddc41c7fd6594d983f59924b3f0b25f97330cc3c

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-02-2024 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe
Size

11.1MB
MD5

45c519f18865af1f1e976d436b1538df
SHA1

6c47903384e1bd7be1351c607d3b7314b0babc97
SHA256

90dc55e7e9d9b0cc1ba54490ddc41c7fd6594d983f59924b3f0b25f97330cc3c
SHA512

64cbc0ee094f509138cc07cdfabfef4906ba41c2e5222c8c6661985bbd9372fa8453f86a8a90e2f4376b43a4b20ada727c87b7e38724980650df2928890c41e3
SSDEEP

196608:+mY+HbBEK1InkODcwkrvuM+VI0/AsAIGKSjLO729AStq8lQtdwIjzO9o:PBEuInkONAm3F/jsV3XhlwdwMa9o

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3600	autorun.exe

Loads dropped DLL 7 IoCs

pid	Process
3600	autorun.exe
3600	autorun.exe
3600	autorun.exe
3600	autorun.exe
3600	autorun.exe
3600	autorun.exe
3600	autorun.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3600	autorun.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1272	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1272	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1796	2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe
3600	autorun.exe
3600	autorun.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 3600	1796	2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe	88
PID 1796 wrote to memory of 3600	1796	2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe	88
PID 1796 wrote to memory of 3600	1796	2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe	88

C:\Users\Admin\AppData\Local\Temp\2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
  "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\2024-02-29_45c519f18865af1f1e976d436b1538df_icedid.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3600

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Audio\Movie.wav

Filesize
16KB

MD5
af0474180a555f97c3cbd48dea7d7350

SHA1
c393787140e78995a44a474106812787fe5afce1

SHA256
8e6862ccb314e038401274bedf0cc9565c8aab5b17af59cd9585b5e493bdf001

SHA512
cebd6884c1e9c1604284e95f9a46f0c640cf18f673566f3ec41a082a2d26b0e16c2f898a68edb81528d7daff0314e898684de57875d8c981e69e9eb7f26fa5d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\exit.btn

Filesize
1KB

MD5
f7cec6db948e030bfa9520020581abdd

SHA1
bf1eb8c568a88c66cd2a69e9de1ad64fc59441fc

SHA256
18072be3b4a239eaef70b558b5b06f572b7905cbe0eb0d19b68cdda48fd90bf4

SHA512
6ade6c966f10367ccca161033df5bbc217309bd36b61ca9457ec6547c313c13113cfdc1a005a62fcf8448e492fa0309c980b795060a82bc7ce7319cbb9e7eb5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\gamer_button.btn

Filesize
37KB

MD5
8fc99d953e0d12624cdc947c70f3ef87

SHA1
338d2fa68323b6eccd6f9b8270a09084ee41e604

SHA256
9b71baf539a10a7f7dc5f2e6b9de8117194035170626cd09ae6075a6e8888b43

SHA512
a1c0bf2ef7d4ef99fc2ec5d8c91923299c3b9e3cf09973444a801473d06f0da6f3d3c4ca191b06fcd6a206d572c7da7fdfa6266848258a094d09501d42648c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\minimize.btn

Filesize
1KB

MD5
606ae7e788f3ec708dc6685862b020e2

SHA1
b583538afe083a17586d22193658ca56c9863024

SHA256
59b5282905101b5018b438ce597d22bb83a29c5cfe2e0e737bd0016d41055d3c

SHA512
82d3a06bbdbc2f1d093fd03fd0bcc68a770edfc10c4f6427f223fb5c1b3e89e34fe4b5aff24a0d5d91fca0aee1b9aed07bd600c69e4d31c7e9beacd981fe0d07

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\zombie_button.btn

Filesize
109KB

MD5
cc082b413f610be2dbde40f3e6945695

SHA1
3d7ddbbf08d41ef9427be07fd81a7bcb95d4da7c

SHA256
0f2cc11c9909f00f912818a09da2afe3e036b295d55feeeb45ff86b0dc8b1543

SHA512
995015afc9d65da24e962014d74d6f7a48f1056669f3e347bb804a47213ba789b2de24612a0fccc7a41879ebab430912bd36e1ac2e5e85bff66a75305530cd54

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Spotify Premium Activator.exe

Filesize
685KB

MD5
566787f46f3332e48e6a898db92563d5

SHA1
9a670f19773e8ec0919cc6900ff7273c93b0154d

SHA256
9c0500c3895cc61b423d9f32ac597f46910f3dbf1afa928cd14dd5c60b826a20

SHA512
f991e02d7e056662bfd0af917b65f29dbf3934b827f11f07436c77eeb5054a94ea2fe1cf21415b48d79ae475569bb8469c2f1163a4245b6a0de4bc8c3e767a9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Icons\atom.ico

Filesize
356KB

MD5
815d32c768224bf9e6a83231d5be7152

SHA1
f48c74965413b106093bb23d9dd1b49f8b5da9e5

SHA256
bfad22714d9a1bf2f3cf6d609d94b8f211a4922484b9d35fe6f30cd09540bdda

SHA512
a866be648689f5a2ec065884d5304bcec2a8091b2edc535744a5e14fb7c70577b0d739b58ecc27b30e7127ccb43ddf86e82c5615a3f5ffdcd6bed90333e8d18c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\630_1.png

Filesize
7KB

MD5
be637600d52cf6d652dd4d85a8225486

SHA1
77b93933aa853af5201ea88a54cc8744ae8a27a9

SHA256
738b360e502360fbf71df4b03e9f28c3c67ded11f52fbbbb29ec90016a3dbb91

SHA512
566a4587c407c97d03716c42dc9a7a0618d06541377e323e2a85326197617e72e6d2c9b9ea943f4067db4f09bfe9c82c113e46bb8f4179ecf05fc0be47ee9ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\6430.jpg

Filesize
154KB

MD5
a5a029d2e472da809c67ffe6ced8a4f9

SHA1
446c179072acbc2b0756e461135e0a2d39570523

SHA256
c4b321ec8c9f88cb4aefef222425c906dd561f7ea59f215996c43b960da449a4

SHA512
7fbda3a93b25da15685e3f5932e7bea927eafd09e0c8c284e76fe875711ba909d294e31e7c38f993dfc5eaa529be83644ffc42425432f8e412ce8a57cbf6568a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Activator.png

Filesize
42KB

MD5
dad014064fd4b0b7934483c38d535695

SHA1
8154f1103de22f856b9bf8889a219044e0532036

SHA256
8528f58a381ee124bf24741af3c37fa24e94fb62e2520075c7dec1bbeef6fef4

SHA512
76032df568f44e790b7d204e1b2b5c83501d5c819d0eef51c46a253285a879eb427a52404f4fc55aa4790d4a08538cd9edf22b2032837af6fb83b43c33c38d04

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\IDM.png

Filesize
81KB

MD5
0df4a194d342f1777c7d0b7e6ce11cca

SHA1
845485631918c0fda14ee4097f42e0034ca76181

SHA256
b85eb7dd79e748560b3e9a60f163d67079e1b5d5424b010e72bb10898c2f02ce

SHA512
1f114580ea63f5ec06882bf6fd7ab0c8ce4dd0c729818151af49d0a938f14de139f5e118709ddb490c37b255f5586d1cb01f950e885ba9c6b3a90ae97b44d26a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Microsoft.png

Filesize
28KB

MD5
f666bc022e9bebb47e96e61a1b0b395b

SHA1
bec01c84c631eea486b0e4b802195ac245688d2a

SHA256
2aa77a05cb480dae0467ac63da916a2bbfef5b47eaade3692225bcb3445c4295

SHA512
a78a61fd53f72628d098b12856894b54be5648ee9b8d4b9b2b3402de9a1c71d0f0eb2bcee609f7599c57cb8372f29d3ca629fdc154ad94df746395bba97d243c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\S10G.png

Filesize
21KB

MD5
f1d474247f97c4a46325274eb5142966

SHA1
309519599f332faba42b0ba45697a32b16d88db0

SHA256
8a720738c0e44df0ffbd469a139f58592eb60cab3a634360d0db8d2275289efe

SHA512
b9963328a59e4e95592251992d5768d148c79e6d89f4be261df4578513199f75a2ecdeae50dc206b8b1db1bcfe93c298d2e1e43a450b9094c714708c1f29ec3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Sky Logo.png

Filesize
19KB

MD5
4be6c4de736b1d97fa4038b1b309df95

SHA1
b6f2e7917ac78d34a3577c34a9fe1283cc63fbed

SHA256
d03b3721a211f2071595947def5249c636d39d5955020569170d99428cbde4a2

SHA512
3f0e9d86d5559ce659f25eddc13060b2b962208f7bc9e388c837375ac9a3c1e1dd5011cb29f0dbab460c5919fa921ca338ab6881426422c524aeb2f59425d097

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Spotify.png

Filesize
43KB

MD5
bc8b422c5ee5732cbaeb4820cd3502d3

SHA1
4cca3ae739dea36cf2dc2b3096ebf93aa9dace4d

SHA256
81eb477d54c4e833e7854362b238fb0d4e690fa530f020b89b65929cbab93732

SHA512
30cbc1d7a128153177d6e261ea52041a1d205474a63015c6b49c2e0eb95d60fdb92bd2a153a80ddd1f5b30007636de693441d76f1ef0bda72002ae7834771757

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\black-and-gray-wall-architecture-background-wallpaper-1920x1080_48.jpg

Filesize
431KB

MD5
a8d6d483129d67331ff4efb77a447768

SHA1
a920900efc207b7ce15deeeb1beea7d7d486b99d

SHA256
9edfb85fc256c1415612a03050ad3780c055e7a351c9e900ca344e99b1520852

SHA512
fb08b9497685cff56c1e9d4b31b7f9bbc5facebe61a5d97201b0cc819d6b3bd40b48f0049da7c0d2edb561400d069a4fb390809ac810a9696fdd8dcea4ffd3f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\panel.png

Filesize
548KB

MD5
c942b8957725cf16a1f56b5eeb005cf7

SHA1
7923abbcf027a8bcce08e4447ce8597a7cbae2f3

SHA256
5dce1147ec49511273918e3782aaab5e179fba3906f9edcaba941c2c3db600d4

SHA512
d9287ca786d32cb0c7ea04be8cdc74a2ec14031242c1dbde481657aca373fa189f6f678019f2922481ce13232ab2f96abba8e32ae1acf7bfc1d7985ac65aa376

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\Fade.tns

Filesize
90KB

MD5
daf7f11e954375aae02ee361812571c4

SHA1
ac9f8988569b11a4421bd3b5076e5f77151cc9ce

SHA256
44772ae07976ba0d63ee6852b611e36bfa0aef55e11880bb087d056abb6d76b4

SHA512
0c4175f6bced52d5f77a1cf1e724be456240b117c0e96ebfc1720c700f521a376cee8a4beb5dd2618ade3d28aae580f2d3dcff9373c451ff3a41f4e0db5f614d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\IRDissolveTransition.tns

Filesize
136KB

MD5
6a9b0ab9341ac4204aafc7fac9872962

SHA1
dc6ceafcb39b7329552d0883f2c3284dddbb0ddc

SHA256
6315b5d1869c3b4cbcbead77ad63da3a60d86ede287eccef338f74178ec181f2

SHA512
76bacf1de5ac883bb47ae8d3299d5f399ae84bcd19eadc3fd8ee01ae2605bbbbddd6aacf7fdec490b8e6baf362ae05dbf972a5710c2bc732e8542a1c5d04bca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\IRWipeTransitions.tns

Filesize
132KB

MD5
a539ec7d0360ec3cec602f2efae23431

SHA1
7abfc4b804e48da8959853dadc167ecad7c55f08

SHA256
56bccf800014462ea1393f0d6008fbecff6fbb8d1761dbf1aed8880bdd0a6408

SHA512
17984c3eaf5eb51780f83a5575b074473c88bb7239ff24b0f3b7ff767d26b08beeaab58ac7d122d5588c2d648cc1ec61fd9d3d4807793a95e6e91942db89f2bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd

Filesize
1.1MB

MD5
acaedac94625386ebb17da0447588bb0

SHA1
37e44a2dc5742786ce83fc9553fcb11c8670dc94

SHA256
7146f173db17ae49df541e447010ee873f4847db059584f9f03c8862ad0d85b6

SHA512
6e9be410135814a9823c6c9eadb017e4c4a19902844e02ef217f45e5e68e4ff617a612471eaa46d8315378e3e726679c7c34a96a08e60e61e144a625814317e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
142KB

MD5
45a4b686e2b16d2f7a4f55368197f819

SHA1
6abe3996b15251946c2981ef58da4caa7420b744

SHA256
44f41036e350122eb16cb48b14cbb27856b6d969e8e803151271d1f15a2f8924

SHA512
ac2885b6567504c3c940f9e07cffbb4a1faa494b016f8eea6a87a538d7f8e59992e905bcb420bce0c8c6c4f92faeb5e11592725f682285c958a6271a3176c404

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
6.4MB

MD5
2d979a724466b94dbd292d676a200cfe

SHA1
50463a0a16badf87ba6a150370a140598d73f05c

SHA256
bf9a4f3f7831559f371133af368502d318bf0235f800f44d74b643448ecf63f1

SHA512
ea95364a88964857f67776654c400cfdb8b584155919a840fedff098c4f754d7007af556d7f92b2c40a676945cdcff3af24ee41cab3bedf97a7f99e912e790a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

Filesize
327KB

MD5
50f1d9f2093914c7712068608f3d66f2

SHA1
c38c655526b9ba929f01259cd35abb65744448f0

SHA256
ebeb211dfe4fce993d63206b2e3f284b569274db4730a8ee341ee81eccac9a5f

SHA512
07841d260770288f34b3e6413f6044742d82794d0812d9d58ebb2b881f935ee7661c94acddcf3a25817a98168789de0e0e0a98baaddbac2ec097a3efdd22c9ac

Download Submit
memory/3600-161-0x0000000003E30000-0x0000000003E33000-memory.dmp

Filesize
12KB

Download
memory/3600-164-0x0000000010000000-0x0000000010042000-memory.dmp

Filesize
264KB

Download
memory/3600-163-0x0000000003E30000-0x0000000003E33000-memory.dmp

Filesize
12KB

Download
memory/3600-159-0x0000000010000000-0x0000000010042000-memory.dmp

Filesize
264KB

Download
memory/3600-188-0x0000000003E30000-0x0000000003E33000-memory.dmp

Filesize
12KB

Download