Analysis

  • max time kernel: 117s
  • max time network: 122s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 19-03-2024 16:42

General

  • Target: 2024-03-19_747dd9725bde096e80343bd41765b8a4_icedid.exe
  • Size: 284KB
  • MD5: 747dd9725bde096e80343bd41765b8a4
  • SHA1: dcc14d7074709a128727d5c84842b100e3b52203
  • SHA256: 1a4ccc87c7d0321fe0ee0682bec1ab74014eb3dfc6a5967ab030a2d602370b10
  • SHA512: aff18dd36d2df8f30dde00fff99e43566bca50d6c90e3db52f7e99b97f5044a83a54b57fb425977a8017939e52c7405769341c88f3c4c117e0be7834e897a9c8
  • SSDEEP: 6144:plDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:plDx7mlHZo7HoRv177ePH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Windows directory (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page (1 TTP, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-19_747dd9725bde096e80343bd41765b8a4_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-19_747dd9725bde096e80343bd41765b8a4_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1540
    • \??\c:\windows\system\sethome4701.exe
      c:\windows\system\sethome4701.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2976

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\abc.lnk
    Filesize: 965B
    MD5: 2739d5b1bf6074b03caeae4a52cf29dc
    SHA1: d29214bd313b3db1b26fbc95b7121d14133223d4
    SHA256: ebdd49226da08749ddf8862fc8c7feb44effc8781a07bcbbff321172e9f460ec
    SHA512: 88127671aae6ee7097254feb1e8505be0cc97277d89215c1b3c79b1ebaea841d9b74588ea010708a8af06aa7e84e1bbc0a1f04eb159946404d4ac421037d3e2a

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Filesize: 1KB
    MD5: 2d0ab1ed3a68b866db5ce9d4777edb63
    SHA1: 7b42f7ce664d3ffe8035cdf3839314f78994feec
    SHA256: 7fc92c7e061c13125b8f71aef0a6b81e6e1edc8ab2b5c3c5369b0c0864d9ce78
    SHA512: 14f04c0b35be4cc759810d709fa01f5c54a221c0d269693dcc145620b5b58584b9b844e998172a0393c19b3f0d6c972ac56814e73444df033404d9ac507e847d

  • C:\Users\abc.lnk
    Filesize: 1KB
    MD5: fbf067ee2a7e019c39609f1c0f94e0d6
    SHA1: 83503baa84caaa4370b0f2584cc2ba68f7c56f84
    SHA256: 236cf468eb96c6d9c9df1e8fc75556d7fe3cab613b39966b5dbed3e0e74bd27c
    SHA512: 7579ee68736494117e3942e04de04d6a03a066ea38514bb31c332a9ca23a7b2ff8692bbcd60170da625bd5cf2e6d59cc6500e5790528dfbd143364931b2894e5

  • \Windows\system\sethome4701.exe
    Filesize: 284KB
    MD5: eeee11a3eb512191d08f7e51e3607b44
    SHA1: c37fc47195797aeee5aea4c1a830d92fed13dfb7
    SHA256: 69b4ee5e09f503c465ef87d252dbb5ae66b0b71587f0d64f116f35f79e243371
    SHA512: 9c55494d2d385b521cb0430b2929e3d89d3e84339bc9b7d06284f56738ce198f8094a12f9c944889dd2559c1b3ef9258b5fd748915685da41b0a2824bed93052