1686c93217870145da30c6d392fb5ff5c5c15306c571d5bb4b25795bf2ba0105

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 13:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
Size

3.4MB
MD5

0a2a7ef62f1bd5b87ae27a40ccbf8a25
SHA1

7a2f98389de9a3e5d55e2162f7387f3995126055
SHA256

1686c93217870145da30c6d392fb5ff5c5c15306c571d5bb4b25795bf2ba0105
SHA512

49b49afafb32206c3e192b74d6d970c69765da33f75ddde5c2a0eaa080887ddd4c0b7419ffd3ff0616ee97b5ac4403ea62f1ab1289711faa1afc7bb246c6ccec
SSDEEP

49152:h16phQCfmajgVl0PhYpGOsWQSSLmFZK+QGLj98XgaScqIAttN7D/fCIvStqH+u02:GQChgVl0PhTCFjQGLyXgq1a3lpBV

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 60 IoCs

pid	Process
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	924	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	924	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
3820	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 3820	1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe	83
PID 1096 wrote to memory of 3820	1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe	83
PID 1096 wrote to memory of 3820	1096	2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe	83

C:\Users\Admin\AppData\Local\Temp\2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Users\Admin\AppData\Local\Temp\2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe
  "C:\Users\Admin\AppData\Local\Temp\2024-05-03_0a2a7ef62f1bd5b87ae27a40ccbf8a25_icedid.exe" RunSendSoftOnlineInfo
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3820

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x45c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Config.ini

Filesize
36B

MD5
5a827b59f2db9c0bbd8291cc2a990074

SHA1
db0cef5fc216f6130937aec826f2bc20f65f28c1

SHA256
2b6fa068c455868a0bde1bf32813b733140a4efaa4f78cc7f77c86d4e0753fc7

SHA512
d5fbd20814151a1cc8ef446cf717241d8fcb951f6ce53b18e4f224400f91ee2f575a0985b57728867b95a101c580bb43c339dfca03c91e90fb3cd52f0eeb093e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SoftApp.ini

Filesize
34B

MD5
8e9624b64e11f14aa14cf2c6804fed15

SHA1
f49d9610865501f8c4f282979a96905b95b09e2d

SHA256
485c32595d61ee4da3eae295aa8e4d389ca6adc36e92bcab4f3fefe3266fd9c5

SHA512
345dcd30fe3690d1d623ecd1c5392d5fb54e337a9062ca9076e7ef77d151922832be0fdc863a3b0c91133d3b75269948a6c9eb6c4d082d5a4be511b4b736c46e

Download Submit