Analysis

  • max time kernel
    137s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    03/04/2024, 19:31

General

  • Target

    2024-04-03_3ea811646f5879f610c1c28e8f9b3d94_icedid.exe

  • Size

    284KB

  • MD5

    3ea811646f5879f610c1c28e8f9b3d94

  • SHA1

    566c3d6db137593599d4cdf5f6509ab3ff0db66e

  • SHA256

    4fc4aaebf044b4c4dfe45737f94baf194dbc156bcc2810a87af4fc458cb15074

  • SHA512

    b78fe6f3ea39aeb76b2968c1b9f663980827eb674a1971bb43da6cbd3e656301d140d886405b7aa432605b510c47e0236104af91f845240f4f1ebda7c3e70fa9

  • SSDEEP

    6144:9lDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:9lDx7mlHZo7HoRv177ePH

Score
7/10

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-03_3ea811646f5879f610c1c28e8f9b3d94_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-03_3ea811646f5879f610c1c28e8f9b3d94_icedid.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2768
    • \??\c:\windows\system\sethome2718.exe
      c:\windows\system\sethome2718.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3836
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1260 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2720
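The process tree above shows the chain the signatures summarise: the sample in the user's Temp folder writes sethome2718.exe into C:\Windows\System, rewrites the Internet Explorer start page, and then launches the dropped file as PID 3836. The following added example (not part of the sandbox report) turns those three behaviours into a small correlation rule and runs it over a constructed Sysmon-style event stream. The paths and PIDs 2768/3836/2720 are taken from the tree above; the event field layout, the parent PIDs for the sample and the Edge utility process, and the start-page URL are assumptions.

```python
"""Correlate the three behaviours this report flags for PID 2768/3836 over a
constructed Sysmon-style event stream.  Added example, not output from the
sandbox: event fields follow Sysmon event IDs 1 (ProcessCreate), 11
(FileCreate) and 13 (RegistryEvent SetValue); PIDs and paths are copied from
the process tree, while parent PIDs and the start-page URL are assumed."""
import re
from collections import defaultdict

NT_PREFIX = re.compile(r"^\\\?\?\\")        # object-manager prefix, as in \??\c:\windows\...
WINDOWS_DIR = re.compile(r"^c:\\windows\\")
USER_PROFILE = re.compile(r"^c:\\users\\")
IE_START_PAGE = re.compile(r"\\software\\microsoft\\internet explorer\\main\\start page$")

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-04-03_3ea811646f5879f610c1c28e8f9b3d94_icedid.exe"
DROPPED = r"\??\c:\windows\system\sethome2718.exe"   # spelled as the report prints it

# Constructed events. ppid 1500 for the sample, ppid 2700 for the Edge utility
# process and the start-page URL are assumptions, not values from the report.
EVENTS = [
    {"id": 1, "pid": 2768, "ppid": 1500, "image": SAMPLE},
    {"id": 11, "pid": 2768, "target": DROPPED},
    {"id": 13, "pid": 2768,
     "target": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Internet Explorer\Main\Start Page",
     "details": "http://start-page.invalid/"},
    {"id": 1, "pid": 3836, "ppid": 2768, "image": r"c:\windows\system\sethome2718.exe"},
    {"id": 1, "pid": 2720, "ppid": 2700,
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"},
]


def norm(path):
    """Drop the object-manager prefix and lower-case, so both spellings of the
    dropped file (Win32 path in ProcessCreate, NT path in FileCreate) compare equal."""
    return NT_PREFIX.sub("", path).lower()


def correlate(events):
    """Walk events in order and emit one (rule, pid, detail) alert per matched behaviour."""
    image_of = {}                  # pid -> normalised image path
    dropped_by = defaultdict(set)  # pid -> files it created under C:\Windows
    alerts = []
    for ev in events:
        if ev["id"] == 1:
            image = norm(ev["image"])
            image_of[ev["pid"]] = image
            # "Executes dropped EXE": the new image is a file its parent wrote into C:\Windows
            if image in dropped_by.get(ev["ppid"], ()):
                alerts.append(("executes_dropped_exe", ev["pid"], image))
        elif ev["id"] == 11:
            target = norm(ev["target"])
            writer = image_of.get(ev["pid"], "")
            # "Drops file in Windows directory": only flag writers running from a user
            # profile, so servicing and installers living under C:\Windows stay quiet
            if WINDOWS_DIR.match(target) and USER_PROFILE.match(writer):
                dropped_by[ev["pid"]].add(target)
                alerts.append(("drops_file_in_windows_dir", ev["pid"], target))
        elif ev["id"] == 13:
            # "Modifies Internet Explorer start page": SetValue on ...\Main\Start Page
            if IE_START_PAGE.search(norm(ev["target"])):
                alerts.append(("modifies_ie_start_page", ev["pid"], ev["details"]))
    return alerts


if __name__ == "__main__":
    for rule, pid, detail in correlate(EVENTS):
        print(f"{rule:28} pid={pid:<5} {detail}")
```

The writer-from-user-profile condition is a noise filter, not something the sandbox signature requires; on a real host, Windows servicing writes into C:\Windows constantly, and the interesting case is exactly the one seen here, where the writer runs from AppData\Local\Temp. The Edge utility process at PID 2720 is included to show that a process with no link to the drop chain produces no alert.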

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk

            Filesize

            1KB

            MD5

            7ea5e6af0fb75696345c6719e9a6006e

            SHA1

            5b79080d1c3527380bb4fb826e69863338c015bd

            SHA256

            64179ff03983ba466fbce8ad80ac1304ef024a700c0a06a590f083a898e631f1

            SHA512

            1cbc69fcbedcf317c8cc50d3f45ec28e3561af4e99a1371ece3ea1b9eaab86e7f983d723909b2e6b45c1ab0c16f9194b56693aca0363503ea1efbb83ef2d0ab8

          • C:\Users\abc.lnk

            Filesize

            1KB

            MD5

            d8c84e3733720328313a3d5b4e1a5ef8

            SHA1

            1acf7e8c645bcdd2f8c72b2eb36d4edd9311bde8

            SHA256

            b82e03f3ec8cb03ff74e03637a15c25ee07ef26479403082238fb2f8d3abe04a

            SHA512

            aad16b23e44f7003107b937eb647e5d4e83adda7d3f1ddca47cfbacdb2008b28b287989fbd9788109ab62aa3ec77b550371d762e19d8bcfe78cdc91e81b2ce54

          • \??\c:\windows\system\sethome2718.exe

            Filesize

            284KB

            MD5

            5231b8636a5addbe63c15745ac3ae743

            SHA1

            3fdb6ff4e553f795ce233c59703915a6f2d1b6fe

            SHA256

            e008b6a2a2d3a2ea63b16309c678ac89aad5301e324c3ed6d8b71fd13fbc38fe

            SHA512

            9b0f11cd9933e205d89514988fc1c8b741ea93238349bcb6ef80baa38ba5a0e2a19954674bcc76f9fe323d701bd80ac9a9e273c65656f943ceb90c4672381d92