Overview

overview

7

Static

static

3

2024-04-20...id.exe

windows7-x64

7

2024-04-20...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    20/04/2024, 06:51 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-20_f4c643c6d310c79018da4ab405e2a8b8_icedid.exe

  • Size

    284KB

  • MD5

    f4c643c6d310c79018da4ab405e2a8b8

  • SHA1

    2efa89b5eaab5c7c5baeb57bc811ffcb63cb74fc

  • SHA256

    3e46c0a488563b5ec02f1bab132195accacae030e50324073af6ca2bab6386dd

  • SHA512

    dc937e0f25b18aded9d0484c216e00740b64053ecc850c083202d73e5b02c5b8deeb1591fb803fb45ee119f87a0fcf533f159f40e6a0809f9c75e77d0a0836be

  • SSDEEP

    6144:UlDx7mlcAZBcIdqkorDfoR/0C1fzDB9ePHSJ:UlDx7mlHZo7HoRv177ePH

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-20_f4c643c6d310c79018da4ab405e2a8b8_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-20_f4c643c6d310c79018da4ab405e2a8b8_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2292
    • \??\c:\windows\system\sethome5919.exe
      c:\windows\system\sethome5919.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2508

Network

  • flag-us
    DNS
    1235633.3322.org
    2024-04-20_f4c643c6d310c79018da4ab405e2a8b8_icedid.exe
    Remote address:
    8.8.8.8:53
    Request
    1235633.3322.org
    IN A
    Response
  • flag-us
    DNS
    1235633.3322.org
    2024-04-20_f4c643c6d310c79018da4ab405e2a8b8_icedid.exe
    Remote address:
    8.8.8.8:53
    Request
    1235633.3322.org
    IN A
No results found
  • 8.8.8.8:53
    1235633.3322.org
    dns
    2024-04-20_f4c643c6d310c79018da4ab405e2a8b8_icedid.exe
    124 B
     126 B
     2
    1

    DNS Request

    1235633.3322.org

    DNS Request

    1235633.3322.org

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\abc.lnk
    Filesize

    965B

    MD5

    ffe130a8a3ea451ea42a4ce80a108d76

    SHA1

    ae4c1412cc563faa1af9cc6168eaf37ccb7bf98a

    SHA256

    d865c8aa544f00b7fad8b15d14713a4a818f4d1066f0fd819d3a70fc25274175

    SHA512

    0b0115af0ac68a4f8637ae2215e17e1f0ffb904acaeec653763529ccd73f3cba6d01529b9e8037313dc96ef0f94b240c572d7efc6d52c79eb6008910e0f5d3d1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Filesize

    1KB

    MD5

    e17da7d45f12a31a9a48bebaa3f79190

    SHA1

    672f5fcd657b65a9c61f04bfc12acbadad2f62d8

    SHA256

    ea4f70132fa60b37b956698d067870c25d0df4032968e40e770141f024c6b0de

    SHA512

    b0ba483695160948cefbe20f1acbd7c4824018b7c58813d023df34c30f2501ef4f64484553d74be9fac7d9eb5a81cd076c0b8d53c60e6439d3a3492c543bdd1b

    Download Submit

  • C:\Users\abc.lnk
    Filesize

    1KB

    MD5

    97a48f9b67cd984528746800acd38533

    SHA1

    400e1d9ee2db8a89773c1f06d372168430b247f3

    SHA256

    b5f52b15e5ce4004f6680c2cf3ff008e52bdf32191bbb0bdf087c5691b60f781

    SHA512

    46605a2a7f9ffec2cd215c0d7be71d20dd3b339ea00b458c13ca2d581c91e51c852c2b335d9e8a743c89cc3090fcb4b4c8580178155bfa5230268669c5bad6e3

    Download Submit

  • \Windows\system\sethome5919.exe
    Filesize

    284KB

    MD5

    1de647ad47e0669b07c58410072c0b99

    SHA1

    fb89680ff4a8ed4012f1ca3ebfb18c4d3f67683d

    SHA256

    0788f1932e39b89a3d7b108de475f53c1880e02089cc303c418c0b62c3b44002

    SHA512

    1deaffcf76442181f09ef71b0c3a5ffbe7c4d95d1eae32acb0653e6e48b4833ee589f14c074e72f5b792fd7e313be33b1d2e05ecd2de785e44137fb82b41bc2e

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.