fcfcce615df05c8353742b35e9f845cc0a2db8a4c1c6c7eb86d7ea7c65a904ea

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
Size

1.4MB
MD5

bd74d093dd3ea76367ceb5e2d977325a
SHA1

5c5e6f27c5530b1564b8a193c02b530a104438ae
SHA256

fcfcce615df05c8353742b35e9f845cc0a2db8a4c1c6c7eb86d7ea7c65a904ea
SHA512

3d32e6842469e9f90b52056e6d43455953098ae587529d96f39c79955aac1c7a4b6bb5225f821355aab39c884a99acbf36d19d7e774b470c75158dff0325d259
SSDEEP

24576:IwgvxpSx21lzFME6f3hGuea+S9UStNT4:Iwgj1MRrLfLnT

Score

1^/10

Malware Config

Signatures

Modifies registry class 14 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\RobinSoftware.SimpleVideoPlayer.playlist	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\.playlist\ = "RobinSoftware.SimpleVideoPlayer.playlist"	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{5D751337-E937-4512-A519-89BE55EBB79F}	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\CLSID\{5D751337-E937-4512-A519-89BE55EBB79F}\ = 9d89bbb29cbf91ad9db08daa9db095afce86ccb29d8699b299af94cace86cbca998698ce9c9694ce9d968d9f9d9598cb9d86becf99bf91b3ce86cbca9d95ccab99959dab9daf919f9c968ccf9b968ccc9cbf91ae9c89bbd1ce86a79f9d96c8b29bcd88cf9dbfc89f	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\.playlist	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\RobinSoftware.SimpleVideoPlayer.playlist\shell\open\command	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\RobinSoftware.SimpleVideoPlayer.playlist\shell	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\RobinSoftware.SimpleVideoPlayer.playlist\ = "Playlist"	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\RobinSoftware.SimpleVideoPlayer.playlist\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe,1"	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\RobinSoftware.SimpleVideoPlayer.playlist\shell\open	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\RobinSoftware.SimpleVideoPlayer.playlist\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe\" \"%1\""	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\RobinSoftware.SimpleVideoPlayer.playlist\DefaultIcon	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2244	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
2244	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
2244	2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-09_bd74d093dd3ea76367ceb5e2d977325a_icedid.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2244

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads