e6b3dd968205b3fbe67c5a316776a5c239ed75f2c3494090c94e55cf58c0ac96

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 20:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
Size

5.0MB
MD5

34ecf1778be97a77d7d5f97ed7fab4c7
SHA1

19c0e3e539ba11b28ba11c340fcce0035f4bbab6
SHA256

e6b3dd968205b3fbe67c5a316776a5c239ed75f2c3494090c94e55cf58c0ac96
SHA512

abe48d9991d569a746a4c03a75dc94af8413b78d5a9d4769adea4d916fe4f92d42c905775bb0ee3358b92c4cb7441dfb72855ed745e2c93f3eb00d3d01f8a8b4
SSDEEP

98304:0eyxOT2yYv9eaHzRInuOBfKLpj3DK0d/HkANIeatvqEgG5Dw7:0s2QalInuLNDJd/9N6MGq7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2668	MS¸üÐÂÆ÷.exe
2404	rar.exe
1200	Process not Found

Loads dropped DLL 3 IoCs

pid	Process
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2668	MS¸üÐÂÆ÷.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\rar.exe	MS¸üÐÂÆ÷.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	rar.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2404	rar.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
2668	MS¸üÐÂÆ÷.exe
2668	MS¸üÐÂÆ÷.exe
2404	rar.exe
2404	rar.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2668	2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe	28
PID 2184 wrote to memory of 2668	2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe	28
PID 2184 wrote to memory of 2668	2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe	28
PID 2184 wrote to memory of 2668	2184	2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe	28
PID 2668 wrote to memory of 2404	2668	MS¸üÐÂÆ÷.exe	31
PID 2668 wrote to memory of 2404	2668	MS¸üÐÂÆ÷.exe	31
PID 2668 wrote to memory of 2404	2668	MS¸üÐÂÆ÷.exe	31
PID 2668 wrote to memory of 2404	2668	MS¸üÐÂÆ÷.exe	31

C:\Users\Admin\AppData\Local\Temp\2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-19_34ecf1778be97a77d7d5f97ed7fab4c7_icedid.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\MS¸üÐÂÆ÷.exe
  C:\Users\Admin\AppData\Local\Temp\MS¸üÐÂÆ÷.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Program Files\rar.exe
    "C:\Program Files\rar.exe"
    3⤵
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\rar.exe

Filesize
839KB

MD5
6278004b663de081a6595975f606dc2f

SHA1
34c161e9ef0fc7b7a6911f4d898d895e31ede95d

SHA256
dd5bed095baf2db16173b198f1368ebaa7dbb8c2c68d357e119c12bd23bfd83a

SHA512
c755898d278a9edcb8934c17dd50ae664e621313881279dad44ff8975a3be4f2f45d87febff0257f36e4fa7e5c92efb2a94651d491541e109b0ec949acd10e4d

Download Submit
C:\Program Files\rar.exe

Filesize
477KB

MD5
ff32b720442d2981bfa70368a4d85244

SHA1
4658dd2931eb18e9cece2d086e10468a864aff88

SHA256
2e256ec88dd97d1c65ed2a2ed87d3487b890ee9c6e0ef47db6d00017ec2ef6a8

SHA512
7ba3de8e2076b18ba828b03043397ebc83d09ef928e428eced2d611c70497c695db2ccf8c8c336a92b1bbebf6c789f8bd84c197feb822a382d89e044bed1410b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MS¸üÐÂÆ÷.exe

Filesize
3.2MB

MD5
3eff7f815f3be26eb59751f75ac840e1

SHA1
4eed14d1feedb31eb07c296a1d7494e63cb6dac2

SHA256
5eaf565e86da11e27d863df0e7e98a8cde13cdbe1adde4e532a9786cbf1da3e0

SHA512
f1133e8a97728c1880ed57a28cdc92449acde3faf03ce4a5b7129729c19de0b70baccfec4fdf4bd4c41e75733bfed112336ab28b67b1bbe4c4cedbf5fd9646a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\MS¸üÐÂÆ÷.exe

Filesize
3.9MB

MD5
67de76fd634e9302c309864d9fc37136

SHA1
593dadfc12cb7458466d42fb457f87485d02eaa4

SHA256
46c2015167d6bfab87f68b0da9d47f379950a4187d5afdb0d587b6b1a2e1d108

SHA512
998965351cca76f716609bb035106449d56ef3df605beb13c2c589aac1554b77cd2ac911c2d02efcb798a59df332303b0054f9d462f19aa7f99c52baa69ddbc4

Download Submit
\Program Files\rar.exe

Filesize
896KB

MD5
e98976f4033a89fb667e4e0beb35477e

SHA1
06072399d811c33329f4665cfb98110e449b3784

SHA256
57b410b4ebafe42d768c4a24e19e67aa32e1e5b4a391098327140850093527b3

SHA512
ee971faf39871280b2692a232ae5afbbfaafd16b51ec354c4f166f72b7a8ecad6a8f19e087bbc6105b894720c78d6a44384d54bf397429a471e2c4d20ed5336b

Download Submit
\Program Files\rar.exe

Filesize
3.1MB

MD5
76982a06a2dc02dbaec9fbdc8880f05c

SHA1
8062066a4817afeabbf766728611c83c8d99fc69

SHA256
b1a2b3ef0cb9beca15ecae7393e0a4d591fa2268a1bde4a11ae56489a90001e2

SHA512
f2221b89d3914175451be7f2396c7c229c79f22c8f9ee79db96fe3816fca26fa63ec7f0ca3be807f3c47b64cda43a049c7cd4aacbee4aa674f6a684dec2c9d38

Download Submit
\Users\Admin\AppData\Local\Temp\MS¸üÐÂÆ÷.exe

Filesize
3.4MB

MD5
32bc1b78126b1986a420a69abae8d38b

SHA1
b1cf4c39b641f5a1f1cdc188109c97d5daba9063

SHA256
10e55bb4ac0596a98097ea928f4b8d38bab91a47d5f45cef1862dfff2036be0a

SHA512
ad87515ef39e526248d41523040aebd4b19e194b0ca2330a469734ab689ad90a6714fe012313a345db2b800d0947b5cd64a86a86407fe708f4a6465d4a39697f

Download Submit
\Users\Admin\AppData\Local\Temp\MS¸üÐÂÆ÷.exe

Filesize
3.6MB

MD5
d3187435116ce0689f50b38dbced5b95

SHA1
47664e2ac4405244bd1c420e345b0b0d7e893229

SHA256
91fef6e2b86c443c72cdf72bbd80ceec38c49123dcf9d4755df0d011d734829d

SHA512
fbcff87c75560f534191d296306c71c20efbe3978714d9dca1403927432a3d93aaa472df40953d9f72551b86f97a855101856edb31b4d6853b135246acf69bbc

Download Submit
memory/2184-8-0x0000000000260000-0x000000000026F000-memory.dmp

Filesize
60KB

Download