Overview

overview

3

Static

static

3

2024-03-16...id.exe

windows7-x64

3

2024-03-16...id.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/03/2024, 05:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-16_35bd8729f33c48f68371a53609d60708_icedid.exe

  • Size

    3.7MB

  • MD5

    35bd8729f33c48f68371a53609d60708

  • SHA1

    1ad939dd1177fb3b6c9d072ece26416e03025313

  • SHA256

    5dc51b094f67288c8648674d14a86c2e9db229a5252f5d772884a0eb021c6637

  • SHA512

    7fc0d5de284edf8bed3d58be65f3a5a06297ea8f27d8a2c7fa9e421c0d8ce6e7bfbee7984f68196da23b00ed46c7f5cf71b6d55bf85b27f0bc63b85619700d5b

  • SSDEEP

    98304:6ITpXbPOnL78DEdffv/v/X16nSE/dgBGbdYaIIqmwlTLobTE9BgD:6QpP6veYffv/v/wR/CBGbdYaIIqmwlTs

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-16_35bd8729f33c48f68371a53609d60708_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-16_35bd8729f33c48f68371a53609d60708_icedid.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3048
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 2996
      2⤵
      • Program crash
      PID:1200
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3048 -ip 3048
    1⤵
      PID:1128
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:4200
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4244

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\WQM.ini
              Filesize

              293B

              MD5

              466d52bbd57ea1c74d5a91205a1dc165

              SHA1

              46cccb28d055d35be58142733b981dc8da799be7

              SHA256

              c0b202a3e91f90fc1f31368c328fae355941575d221a3dc8f5029679fa63eab7

              SHA512

              f925d88aeba6791cc7a0161c799991192d7c17840086e289e90d44ee56829258f698a95ea02e77c96a96c102c2ec9c8701cd25b48246a093cdca2b8819c266e4

              Download Submit

            • memory/4244-29-0x00000211B8040000-0x00000211B8050000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4244-45-0x00000211B8140000-0x00000211B8150000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4244-61-0x00000211C06B0000-0x00000211C06B1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-62-0x00000211C06E0000-0x00000211C06E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-63-0x00000211C06E0000-0x00000211C06E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-64-0x00000211C06E0000-0x00000211C06E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-65-0x00000211C06E0000-0x00000211C06E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-66-0x00000211C06E0000-0x00000211C06E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-67-0x00000211C06E0000-0x00000211C06E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-68-0x00000211C06E0000-0x00000211C06E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-69-0x00000211C06E0000-0x00000211C06E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-70-0x00000211C06E0000-0x00000211C06E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-71-0x00000211C06E0000-0x00000211C06E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-72-0x00000211C0300000-0x00000211C0301000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-73-0x00000211C02F0000-0x00000211C02F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-75-0x00000211C0300000-0x00000211C0301000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-78-0x00000211C02F0000-0x00000211C02F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-81-0x00000211B79F0000-0x00000211B79F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-93-0x00000211C0430000-0x00000211C0431000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-97-0x00000211C0550000-0x00000211C0551000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-96-0x00000211C0440000-0x00000211C0441000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4244-95-0x00000211C0440000-0x00000211C0441000-memory.dmp

              Filesize

              4KB

              Download