Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/04/2024, 19:31

General

  • Target

    2024-04-03_3ea811646f5879f610c1c28e8f9b3d94_icedid.exe

  • Size

    284KB

  • MD5

    3ea811646f5879f610c1c28e8f9b3d94

  • SHA1

    566c3d6db137593599d4cdf5f6509ab3ff0db66e

  • SHA256

    4fc4aaebf044b4c4dfe45737f94baf194dbc156bcc2810a87af4fc458cb15074

  • SHA512

    b78fe6f3ea39aeb76b2968c1b9f663980827eb674a1971bb43da6cbd3e656301d140d886405b7aa432605b510c47e0236104af91f845240f4f1ebda7c3e70fa9

  • SSDEEP

    6144:9lDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:9lDx7mlHZo7HoRv177ePH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-03_3ea811646f5879f610c1c28e8f9b3d94_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-03_3ea811646f5879f610c1c28e8f9b3d94_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2476
    • \??\c:\windows\system\sethome7526.exe
      c:\windows\system\sethome7526.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2444

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\ProgramData\abc.lnk

          Filesize

          965B

          MD5

          470c90674fefd449bbd566dc219bb12c

          SHA1

          ed6bf4ba6bd3afc32683ef5834fe337118ab8b3b

          SHA256

          7d86c5c7290730d016b6b196e5ccbe1b93a8839f6f61911345b22c3c0828554e

          SHA512

          affb0be3d2422a660d4a6a86e076632df313387ca24c0f0168ea644999e134f440c28b66c3f0b7c6e93f52750c0a86aaeb9d069f2c495cf97cbcd960826f8c5e

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

          Filesize

          1KB

          MD5

          28bc852174635c1177fcb3b49d7d1f16

          SHA1

          ad4482730dd2583acac572e02119aa5424c12f17

          SHA256

          20afc74913b099cdf7aab4c2d216134a290e7a65886f9a783f67fae6b929f317

          SHA512

          398f8e4a0643d3d578466a2ffaf5a6c7707cc734dd0819b05b31fcb34d14269cd4cbb758b7e29a99a250bc1b5bf9404df25a0f0bb27e2193c69620c1cee6e12b

        • C:\Users\abc.lnk

          Filesize

          1KB

          MD5

          a1dc5e64fd9240773402bf2481e25ccf

          SHA1

          da531501f138a8dbf4ffd619508e19ffe517cf7d

          SHA256

          5a2df053995d0ae68a0eab5f99858895a1be291702c817284b954af6f40e040f

          SHA512

          52e55482914b513fc41c198def5444a3eb82b61aac0c167aa58f475bdf122827ea735d50553c0f273bd081cbf52c61d415f95df6bd970f2f8ead0d4e541b80fa

        • \Windows\system\sethome7526.exe

          Filesize

          284KB

          MD5

          3f4f24abf3187230201cdbdf3f0b8d60

          SHA1

          44640e8805ae1e2ca9f0fb4090ec231b6692a61e

          SHA256

          2e3d36480d0805b515b7c1b23a979e899e29c213db09244e5831e25f95677351

          SHA512

          1ce972892362ea5e11602e0f9f10feb87444c28cf37f1f7da6ca2d039a145a77e76434caac40597387a9b6ec95e538a76f76cf11ad44f30b6cdf06280dc0b1ae