Overview

overview

7

Static

static

3

2024-03-18...id.exe

windows7-x64

7

2024-03-18...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2024, 10:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-18_aae20f939bb903a31282e41b04ccb66c_icedid.exe

  • Size

    284KB

  • MD5

    aae20f939bb903a31282e41b04ccb66c

  • SHA1

    6ab6973819a6407c51aa31a81f27f03e6425defe

  • SHA256

    874f75009b3c7746a09706fac6206c4c73ec7d9113a991adac87e3fcae5659e8

  • SHA512

    8affba1b3f6e2864a46454efc1f93d7f4520a054f6064c23757e780daf36847cd77575acabbf24423de1d3da0cd3badf18abae3211a2f87f6e6caaca8c5b824e

  • SSDEEP

    6144:KlDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:KlDx7mlHZo7HoRv177ePH

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-18_aae20f939bb903a31282e41b04ccb66c_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-18_aae20f939bb903a31282e41b04ccb66c_icedid.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1736
    • \??\c:\windows\system\sethome5953.exe
      c:\windows\system\sethome5953.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
    Filesize

    1KB

    MD5

    0191104e1d5e2fb4f19d7ed7a6b4cdf8

    SHA1

    51f3ddeea8605de4788f9c41235ff5b8915bdf4c

    SHA256

    c38d7e300d5ab6b184ccd5ec9f4c3aa95cce8238910cc1cd67cca2b74abfa1d0

    SHA512

    20a7014eef977f59342d334cd1390ec4984046954f5598e46b0c306120c6ce8f2e74348f539bc3b70ad300168cf0bafe8fb668a56aae54a7674f7cd7d2678f5c

    Download Submit

  • C:\Windows\System\sethome5953.exe
    Filesize

    284KB

    MD5

    9d511e926552a1bfbeaf9ce13b2cf499

    SHA1

    6dfca3153bb339df4c6934440ef60009dd77a08b

    SHA256

    87acfa79ba826978b249d1cda95ceb07cde54a17e13c7f470823843b66a39c34

    SHA512

    5663279caf9be749380018e93de13e508ab10d1029d11b327cb9dba03091fb7143b1b04ebd0dbd00fb057e9e7f4fd62dd491ab391d10fbb7f61005c80bc3a31c

    Download Submit