697c407daa73cde2c1c86c5b22c795b612e65176fd156575321654e29abc2bea

Analysis

max time kernel
91s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-03-2024 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe
Size

284KB
MD5

88d5a2a7fe37b7efd3d85b64399d62a3
SHA1

c1dcdadbeed2794fa11e21bf03bf01986abd787d
SHA256

697c407daa73cde2c1c86c5b22c795b612e65176fd156575321654e29abc2bea
SHA512

94280a81aaf8bf9864b6880e7263254f5caa266f57c420553fca1442e3c0f94e76d92f790f274cd53ec21967fe24828f8314b4957a9749b11b7656b08f411cf2
SSDEEP

6144:1lDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:1lDx7mlHZo7HoRv177ePH

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2392	sethome5718.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system\sethome5718.exe	2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe
File opened for modification	\??\c:\windows\system\sethome5718.exe	2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://www.baiduo.org/"	2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2244	2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe
2244	2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2244	2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe
2244	2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe
2244	2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe
2244	2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe
2392	sethome5718.exe
2392	sethome5718.exe
2392	sethome5718.exe
2392	sethome5718.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2392	2244	2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe	85
PID 2244 wrote to memory of 2392	2244	2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe	85
PID 2244 wrote to memory of 2392	2244	2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe	85

C:\Users\Admin\AppData\Local\Temp\2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-12_88d5a2a7fe37b7efd3d85b64399d62a3_icedid.exe"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer start page
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244
- \??\c:\windows\system\sethome5718.exe
  c:\windows\system\sethome5718.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk

Filesize
1KB

MD5
e2a5e6762cbbb4c5a36473af1839cea8

SHA1
ad5748cfcf3a1453731eda343fb3064b0c49315f

SHA256
868927b5b9a7cb765cb55a37418fa16734c099371f2f7c3ff51ab6b14731ca8c

SHA512
5bd7c73b4fec63c533fc665d848c31908485d92a7734f9bd16a4221028cabac07e8a75182294b771a2243910f9fb03acf7cfc6063eaf0845f5346ac7452bd9b9

Download Submit
C:\Users\abc.lnk

Filesize
1KB

MD5
21d352546faf3554e67a495f018009b8

SHA1
9db59139140aaa75ea5206c0e58a024db2cf1d60

SHA256
177d049b0b25a791114171368c06f7900349d3536381d962c48eef2b5ef122d7

SHA512
180fd5ae41bac23cc849f353bb974930b1f1ef0899eec24c75c759b57a32674974ad0c699bb834939be1934ce6a8f7df6e4fc1b0493c9500812c1dd6f5eaa3da

Download Submit
C:\Windows\System\sethome5718.exe

Filesize
284KB

MD5
a88dfc5d98492faf05b70e6b10856aae

SHA1
c175a9f745a4b6b7b2021ce21c064460c2482360

SHA256
41c6ba9aa6c12ae7d917637f098a703d3a27b8d6ff4dee7b76ca0937a7bf4cac

SHA512
9e26762a99b5f93a42360dd69fe46a3c6ad26e0a30a03b6bb56ba48b9d5692ef17872c88acd3e1d594034122fd2bb9bed9a98fda9b0196667085c43d541963c6

Download Submit