Analysis
max time kernel: 136s
max time network: 138s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 05/04/2024, 01:04
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
Resource
win10v2004-20240226-en
General
Target: 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
Size: 276KB
MD5: ef17153c49f364b0e1f7071e46e97b1b
SHA1: 5122933c86f5697bcf27b414c28812817ff5ecdd
SHA256: 7fff1ba9425f0121489f42a71a35147e9d3b500f59fd0791e37a75a04cc22ba0
SHA512: 6f5b7d9bed190b9aee2d6202d954aa56a87503ee37ed13e31d2081723ad35359275dcde4b8f2868edb7cae73a53d837c8f7227a77cac5aa13c00ccc8e99d7f51
SSDEEP: 3072:a9SAotmbH0WZLRukNenpUYDPFobi856uXBajxUnQ/JL0yuq9xzGsl5QzWJmlPuwF:QbH7LKUOoGk6u4TNQq9r/I
Malware Config
Signatures
Drops file in Drivers directory 14 IoCs
description | ioc | Process
File opened for modification | C:\windows\system32\drivers\etc\service6.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\windows\system32\drivers\etc\service4.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\windows\system32\drivers\etc\service8.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\windows\system32\drivers\etc\s3er333vice10.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\windows\system32\drivers\etc\service7.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\windows\system32\drivers\etc\service9.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\windows\system32\drivers\etc\service10.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\windows\system32\drivers\etc\s5erv444ice6.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\windows\system32\drivers\etc\service1a.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\windows\system32\drivers\etc\service3.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\windows\system32\drivers\etc\SeRvice5.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\windows\system32\drivers\etc\s2er333vice9.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\windows\system32\drivers\etc\s4erv444ice5.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\windows\system32\drivers\etc\service2a.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\GameVersionUpdate1 = "c:\\program files\\gameversionupdate1\\GameUpdate1.exe" | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
Drops file in Program Files directory 28 IoCs
description | ioc | Process
File opened for modification | C:\Program Files\Windows NT\AccessOries2.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Windows NT\AccessOries8.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Windows NT\AccessOries10.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Windows NT\A1ccess777Ories3.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Microsoft\SeaPort6.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Microsoft\SeaPort8.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Microsoft\S8ea555Port5.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Windows NT\AccessOries9.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Windows NT\A2ccess777Ories4.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Microsoft\SeaPort3.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Microsoft\S7ea555Port4.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Windows NT\AccessOries1.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Windows NT\AccessOries4.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Microsoft\S6ea222Port10.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Windows NT\AccessOries3.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Windows NT\AccessOries5.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Microsoft\SeaPort2.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Microsoft\SeaPort7.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Microsoft\SeaPort1.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Microsoft\SeaPort5.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Microsoft\S5ea222Port9.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Windows NT\AccessOries7.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Windows NT\AccessOries6.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Windows NT\A3ccess999Ories5.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Windows NT\A4ccess999Ories6.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Microsoft\SeaPort4.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Microsoft\SeaPort9.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
File opened for modification | C:\Program Files\Microsoft\SeaPort10.inI | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Modifies Internet Explorer settings 3 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
Suspicious use of SetWindowsHookEx 4 IoCs
pid | Process
2192 | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
2192 | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
2192 | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
2192 | 2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-05_ef17153c49f364b0e1f7071e46e97b1b_icedid.exe"
- Drops file in Drivers directory
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2192