Analysis

  • max time kernel: 119s
  • max time network: 120s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 09/03/2024, 06:24

General

  • Target: 2024-03-09_16d0e74a32f973c2e9b13c8e7736c5f5_icedid.exe
  • Size: 3.1MB
  • MD5: 16d0e74a32f973c2e9b13c8e7736c5f5
  • SHA1: 840913164d709d5e31a509571c6fcc185d6e1740
  • SHA256: 697ed9f1fe678a7861cce39407289d6ab2c818716a46c552430cde9b7028e770
  • SHA512: 5671b0eeb3198edb9082ef0d6cc88bf276475357d849086722548a06d6a527a7c69cc6d0e84b37c45c6a4b185e5c5c8f9a7cb6896bb91eabceba7403bfc5091a
  • SSDEEP: 49152:dw7cq43rhAmZLPYf4kpUJWDQ7cSwMuIdhgT/g9cRw9QrtWOs6Q:4KLQfHuV7nwdWciqrEr

Score: 7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs
    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-09_16d0e74a32f973c2e9b13c8e7736c5f5_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-09_16d0e74a32f973c2e9b13c8e7736c5f5_icedid.exe"
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2220
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    • Executes dropped EXE
    PID:2716

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Common Files\Adobe\caps\caps.db
    Filesize: 25KB
    MD5: 86ed2df96dcfb1488db4d98c46ce210c
    SHA1: 95fda3ccda536ef57de36d662d9db5e532007d9d
    SHA256: 8e26ca94cda14cc783621680daf9f14927c3cef4626a83c2f06b8076727ba965
    SHA512: 32a3681d564ac336a026d2fbc421f48b803b68f41dbe633d80797faf8404375a7bdaaf31fabc8bfc984f0c189f660a16a148bc172c0d71001434a292abb450bb

  • \Windows\System32\alg.exe
    Filesize: 644KB
    MD5: e715755ebdb9dab440b03d12d1a54529
    SHA1: d5985cc167243a2728509d07ac98b45d958c61b5
    SHA256: c1e871470ea28f043b5de5efb74ccda78b8fce907f3babe285461729b38e02e1
    SHA512: 523e01351ab9e702dc75c32c788d769ced73e1b64a7c8ebb62a347b8a8baae26e79001ab157087f9a8b1ba24fd2515292870b8f4bbe959fafb9248e4d0377770

  • memory/2220-0-0x0000000000390000-0x00000000003F7000-memory.dmp
    Filesize: 412KB

  • memory/2220-1-0x0000000000400000-0x0000000000735000-memory.dmp
    Filesize: 3.2MB

  • memory/2220-7-0x0000000000390000-0x00000000003F7000-memory.dmp
    Filesize: 412KB

  • memory/2220-29-0x0000000000400000-0x0000000000735000-memory.dmp
    Filesize: 3.2MB

  • memory/2716-31-0x0000000100000000-0x00000001000A4000-memory.dmp
    Filesize: 656KB

  • memory/2716-32-0x0000000100000000-0x00000001000A4000-memory.dmp
    Filesize: 656KB