Overview

overview

7

Static

static

3

2024-04-28...id.exe

windows7-x64

7

2024-04-28...id.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    28-04-2024 20:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-28_5c96689f754ca1130c2f40142abbf53f_icedid.exe

  • Size

    729KB

  • MD5

    5c96689f754ca1130c2f40142abbf53f

  • SHA1

    ec49f26d537a0090dbdb284fa899905c9427f2e7

  • SHA256

    2cf71056d03d67ac7d43dc7a9eaf07a22d31652bb60321b19f7bbcfbd24fd4c9

  • SHA512

    d720dd796ccb41932f41512b32fe507933429bcf160d253ef647c806122e2535bcfd86011284a72ff1517747a0271b678dc3bbcd3f09d067406fb275db6bbed9

  • SSDEEP

    12288:lij4VFDC3X3y7PX0rI65PtN7AGF26o5HpZgLcqiz9BKbzXvPejDTRnG:lijWL65PoGF2HJ6Zy9BGDODT

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-28_5c96689f754ca1130c2f40142abbf53f_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-28_5c96689f754ca1130c2f40142abbf53f_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:840
    • C:\Users\Admin\AppData\Local\Temp\120A.tmp
      C:\Users\Admin\AppData\Local\Temp\120A.tmp
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      PID:760

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\120A.tmp
    Filesize

    145KB

    MD5

    c610e7ccd6859872c585b2a85d7dc992

    SHA1

    362b3d4b72e3add687c209c79b500b7c6a246d46

    SHA256

    14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

    SHA512

    8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\AdobeARM.log
    Filesize

    148B

    MD5

    4d4a830cc3153198bf99f1a5f300a063

    SHA1

    332803275a342d967cfcb8297d337abd55184531

    SHA256

    f6e6b5bd434e730d25919e4d2f0aac65335a9f1a74275291b58687d71a9f2dc7

    SHA512

    9705a308ce582015d8424fe4ce03fa32f95e4eb48191203b3a3e415aa2454a59b479d3a4261461729a615707e89967c3814cf5b9cf6e0c102ccc44aa8127efb8

    Download Submit
  • memory/840-0-0x00000000002E0000-0x0000000000331000-memory.dmp
    Filesize

    324KB

    Download
  • memory/840-1-0x00000000002E0000-0x0000000000331000-memory.dmp
    Filesize

    324KB

    Download