a6191a3067ee5b6f92cc907918ea46202f3890083b0c1c5c696b79cd345df9da

Analysis

max time kernel
177s
max time network
233s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
Size

1.5MB
MD5

770eb0c5110dbc9de103b881096d8c49
SHA1

19d2c62ddcefe8a167410cefe333392a4ae2e68f
SHA256

a6191a3067ee5b6f92cc907918ea46202f3890083b0c1c5c696b79cd345df9da
SHA512

431658f6bdf50d1009b2e1ab939980d5333b5c12219b50807101e41e59cf9d0ddedef0a7028f2c8b4248e3caf33bfe1a3f715ee768626580c1b23779ad2d4948
SSDEEP

24576:cemgzOfFl41lzFAE64KlRGHB+Re9yvzbvHexwtT1H:cjUhIRcGe9yX9T

Score

1^/10

Malware Config

Signatures

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Tomabo.MP4Player.playlist	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Tomabo.MP4Player.playlist\shell\open\command	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\.playlist	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\.playlist\ = "Tomabo.MP4Player.playlist"	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\WOW6432Node\CLSID\{E2F580C7-E02A-40b3-9907-8BE82F28DFE9}\ = 9d89bbb29c86d0aa9db0ccb09ccdbeccce86ccb29d8699b299af94cace86cbca999689ae9dcd99ac9d86899f9d9598cb9d86becf9b96bfabce86cbca9dcc95af98cc98cb9986cc9f9c968ccf9b968ccc9cbf99ae9db3bbd1ce86a79f9d96cbcb9d95c8b39bcc9d9f	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Tomabo.MP4Player.playlist\ = "Playlist"	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Tomabo.MP4Player.playlist\DefaultIcon	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Tomabo.MP4Player.playlist\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe,1"	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Tomabo.MP4Player.playlist\shell	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Tomabo.MP4Player.playlist\shell\open	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Tomabo.MP4Player.playlist\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe\" \"%1\""	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\WOW6432Node\CLSID\{E2F580C7-E02A-40b3-9907-8BE82F28DFE9}	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4520	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
4520	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
4520	2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe

C:\Users\Admin\AppData\Local\Temp\2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-10_770eb0c5110dbc9de103b881096d8c49_icedid.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4520

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads