Overview

overview

7

Static

static

3

2024-04-05...id.exe

windows7-x64

7

2024-04-05...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/04/2024, 05:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-05_b752a01e0302b2c229e10f11cdcfca38_icedid.exe

  • Size

    284KB

  • MD5

    b752a01e0302b2c229e10f11cdcfca38

  • SHA1

    9d693cbba74be6fbf9a091e28659fd62fba99b18

  • SHA256

    d346055c75f12be1603847f56639816a6bc97293a2a4d9ca9338a987da30f76e

  • SHA512

    eff68b91b32520b7bc2aa0864c6fcd3f1eeaefa1fa9bab20e29226b6ea9eb06333793dd546b9a31d578eeb7270442cf3b089ded43042310e68260b1fe07637a7

  • SSDEEP

    6144:olDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:olDx7mlHZo7HoRv177ePH

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-05_b752a01e0302b2c229e10f11cdcfca38_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-05_b752a01e0302b2c229e10f11cdcfca38_icedid.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4776
    • \??\c:\windows\system\sethome9828.exe
      c:\windows\system\sethome9828.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3336

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
          Filesize

          1KB

          MD5

          0191104e1d5e2fb4f19d7ed7a6b4cdf8

          SHA1

          51f3ddeea8605de4788f9c41235ff5b8915bdf4c

          SHA256

          c38d7e300d5ab6b184ccd5ec9f4c3aa95cce8238910cc1cd67cca2b74abfa1d0

          SHA512

          20a7014eef977f59342d334cd1390ec4984046954f5598e46b0c306120c6ce8f2e74348f539bc3b70ad300168cf0bafe8fb668a56aae54a7674f7cd7d2678f5c

          Download Submit

        • C:\Users\abc.lnk
          Filesize

          1KB

          MD5

          acf0bf91b47dcaf2c95dbf1057359497

          SHA1

          e96b0926d55db75dff64ea55797ed8dd95d40800

          SHA256

          6525f4957fddfb11b7bfb5a34f27b95e311ba9d84a5f25d15f01012b2f9e30f6

          SHA512

          925055b170b23580c070261aa2a6ce7ad31f67fc2ce86edc76bb2b45f88a106518108760fe88074708f97c190bced6e3bd79ad1d5953d096ca8b437be8ba5787

          Download Submit

        • C:\Windows\System\sethome9828.exe
          Filesize

          284KB

          MD5

          9b4de45dd451049c641f4a7dc4280591

          SHA1

          3a4837d93f6d9f983b6f37010820f42f1e634936

          SHA256

          ccfb3af53786e79f34669075a290567ba90b0f6a583bc4def7093590612b5aa4

          SHA512

          30ef19afc23628b5a9aa5789bafc2446df6b43167cc00ad1bbb5187221038f794ed390b6be8fe2c2b54a5846c044da3d2955c17be5d35db87001b6a6d73cbbc6

          Download Submit