4141ee0a1aaf0895042da4e07893e32bb57be414fbdd0134f5f6bd313d7ff93d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 07:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
Size

1.4MB
MD5

d8ff3ae2ee05b36e2a8b87a153cf42f9
SHA1

bd43d78e239c3cb218fb92113f9104076e8852b5
SHA256

4141ee0a1aaf0895042da4e07893e32bb57be414fbdd0134f5f6bd313d7ff93d
SHA512

6bfc5de2d94eca681c2e98b1328bde5b675f562d83d495f9eebbe3d4fbc0d7f14d2b8cf87d83ad4732f2df45b61848a3bfcf7077ee3e1da3e200089af658c1c3
SSDEEP

24576:sK9BSZNTu8g1lzFXE6qQ8ZeOxPXXilXvjOY1Tl:sK9BSGUc8ZDxcXLOiT

Score

1^/10

Malware Config

Signatures

Modifies registry class 14 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\TubeMateSoftware.TubeMatePlayer.playlist\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe\" \"%1\""	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\.playlist	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Wow6432Node\CLSID	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Wow6432Node\CLSID\{7F52DDB8-B6BC-4100-B621-126D1971E9EE}\ = 9d89bbb29cbf91ad9db08daa9db095afce86ccb29d8699b299af94cace86cbca99968daa9c9694cf9d86999f9d9598cb9d86becf99bf91b3ce86cbca9dcc99aa9c9698ca9c86bf9f9c968ccf9b968ccc9cbf91ae9c89bbd1ce86a79f9d96c8b29bcd88cf9dbfc89f	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\TubeMateSoftware.TubeMatePlayer.playlist\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe,1"	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\TubeMateSoftware.TubeMatePlayer.playlist\shell	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\TubeMateSoftware.TubeMatePlayer.playlist\shell\open\command	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\TubeMateSoftware.TubeMatePlayer.playlist\ = "Playlist"	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\TubeMateSoftware.TubeMatePlayer.playlist\DefaultIcon	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\.playlist\ = "TubeMateSoftware.TubeMatePlayer.playlist"	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Wow6432Node\CLSID\{7F52DDB8-B6BC-4100-B621-126D1971E9EE}	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\TubeMateSoftware.TubeMatePlayer.playlist	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Wow6432Node	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\TubeMateSoftware.TubeMatePlayer.playlist\shell\open	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2916	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
2916	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
2916	2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe

C:\Users\Admin\AppData\Local\Temp\2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-08_d8ff3ae2ee05b36e2a8b87a153cf42f9_icedid.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2916

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads