Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-04-2024 05:47

General

  • Target

    2024-04-05_b752a01e0302b2c229e10f11cdcfca38_icedid.exe

  • Size

    284KB

  • MD5

    b752a01e0302b2c229e10f11cdcfca38

  • SHA1

    9d693cbba74be6fbf9a091e28659fd62fba99b18

  • SHA256

    d346055c75f12be1603847f56639816a6bc97293a2a4d9ca9338a987da30f76e

  • SHA512

    eff68b91b32520b7bc2aa0864c6fcd3f1eeaefa1fa9bab20e29226b6ea9eb06333793dd546b9a31d578eeb7270442cf3b089ded43042310e68260b1fe07637a7

  • SSDEEP

    6144:olDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:olDx7mlHZo7HoRv177ePH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-05_b752a01e0302b2c229e10f11cdcfca38_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-05_b752a01e0302b2c229e10f11cdcfca38_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1876
    • \??\c:\windows\system\sethome6855.exe
      c:\windows\system\sethome6855.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2844

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\abc.lnk

    Filesize

    965B

    MD5

    56e4308d08b84cf76d20943b0ea5d7f7

    SHA1

    bfdc93bec5c52483bdc1a7de5c0b266c66e34cf0

    SHA256

    f5fb3079ad3dfecca886f20a17eaba447d6abb300bf9a5b9490469baf23a349d

    SHA512

    ab048513c24597e1e019b27871ec1d777aaf49e8277ecb079da5bf762f60964862c4d755e9d75a730f95077d6f838e9842bc5bc55d06ece0945ef775de7403fb

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

    Filesize

    1KB

    MD5

    0bde54f6bb7fa49c86d3e75c8c2874a5

    SHA1

    94aa6d806645bb181747c202a5245739d7d0392f

    SHA256

    d4879558f025cd9e8426f955378dd9686ea99069246bf7e177effae1ca280b26

    SHA512

    e7a7d82da54ba489df4fe6d015dfb2c36fe5c8e871b5199b75c0c401fc4f388e68b0e16eda4fb8977ae732672780fabb0066d319f4ebce2e1e0f46b309534f0f

  • C:\Users\abc.lnk

    Filesize

    1KB

    MD5

    05d7ac163f983d7b24c5bb4551120b42

    SHA1

    c9f3c9da70a8bb65418fa75be91376641145e6f8

    SHA256

    107dad81edab6632c8ddc550cfe3372059a35b58b157ffeb09c54de05c4f1a41

    SHA512

    d0673b8c827f50d91da3de6883105a06a714720af6379ada227eca6f3792f6a7a5231c7623ab8392ea23cf6b0d7fea8f6cecaffc9de21570600e996129546938

  • \Windows\system\sethome6855.exe

    Filesize

    284KB

    MD5

    94b552d560e2369b420585a1bb038ee4

    SHA1

    1f33fa14937bc9cd6664964b5e4441aad6bf8283

    SHA256

    a2731c9ee6cd426b21748ac7583e9defdab99c608b8e66e79b9002f7cdc641b7

    SHA512

    bb7e7b3588d01c3701c5cdf390e37d3f5cc2cff85752b6f1eeb0e3b1497cf8254dc83d4f17df450667f7d77c0fcb995f2d15bf3569df3003f66c54090561a06f