Analysis

  • max time kernel: 149s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 22-05-2024 20:03

General

  • Target: 2024-05-22_d44efb72504091938162b3abd4391638_icedid.exe
  • Size: 1.5MB
  • MD5: d44efb72504091938162b3abd4391638
  • SHA1: e09d00e97c0b1304c509c219b911a9ae135d32b2
  • SHA256: 03aae19b62ea1fa45aa048bc2f4097e04b2358ccb5293334b15fdac93823a816
  • SHA512: dcc2dd89140a50aae20cdff43c8839b896067b93f15a556f113547b3be3420366d440e60fcb978cb0a46dc9447fd7f3dfab6a38ec9ac35bb7d810c0905f54434
  • SSDEEP: 24576:dd6hy43m6UfrVtApyjomsKUMtENhW4Fi7G8XQ1:dshTm6UfrVtApyMmsKUMtENDiyYQ

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    This signature fires when a process reads browser profile stores (saved logins, cookies, autofill and session data), which infostealers harvest for credentials.

  • Checks whether UAC is enabled (1 TTP, 1 IoC)
  • Drops file in System32 directory (64 IoCs)
  • Drops file in Program Files directory (64 IoCs)
  • Drops file in Windows directory (64 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-22_d44efb72504091938162b3abd4391638_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-22_d44efb72504091938162b3abd4391638_icedid.exe"
    1⤵
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:868
    • C:\Users\Admin\AppData\Local\Temp\290.tmp
      C:\Users\Admin\AppData\Local\Temp\290.tmp
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      PID:2332
    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      2⤵
      PID:1556
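The process tree above (a Temp-resident sample spawning a dropped .tmp as a child, the child writing into System32 and Program Files, and the parent reading browser data per the signatures section) is the kind of chain a detection engineer turns into rules. The following is an added example, not part of the sandbox report or its tooling: a small Python detector run over constructed EDR-style events. The event shape is an assumption (Sysmon has process-create and file-create equivalents but does not log file reads); the PIDs and the three process images mirror the report, while the written and read file names are placeholders.

```python
import re
from collections import Counter

# Regexes over Windows paths; backslashes are doubled for the regex engine.
USER_TEMP = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)
PROTECTED_DIRS = re.compile(
    r"^[A-Za-z]:\\(Windows\\System32|Program Files( \(x86\))?|Windows)\\", re.I)
# Credential and cookie stores of Chromium- and Firefox-family browsers.
BROWSER_STORES = re.compile(
    r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db|cookies\.sqlite)$", re.I)

# Images taken from the process tree in the report.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-05-22_d44efb72504091938162b3abd4391638_icedid.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\290.tmp"
READER_DIR = r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed telemetry in a generic EDR-style shape (an assumption; Sysmon has
# process-create and file-create equivalents but does not record file reads).
# PIDs mirror the report; written and read target names are placeholders.
EVENTS = [
    {"type": "process_create", "pid": 868, "ppid": 1200, "image": SAMPLE,
     "parent_image": EXPLORER},
    {"type": "process_create", "pid": 2332, "ppid": 868, "image": DROPPED,
     "parent_image": SAMPLE},
    {"type": "process_create", "pid": 1556, "ppid": 868,
     "image": READER_DIR + r"\Reader_sl.exe", "parent_image": SAMPLE},
    # Benign control: Reader launched normally from Explorer.
    {"type": "process_create", "pid": 3000, "ppid": 1200,
     "image": READER_DIR + r"\AcroRd32.exe", "parent_image": EXPLORER},
    {"type": "file_create", "pid": 2332, "image": DROPPED,
     "target": r"C:\Windows\System32\placeholder.dll"},
    {"type": "file_create", "pid": 2332, "image": DROPPED,
     "target": READER_DIR + r"\placeholder.dll"},
    # Benign control: a Program Files binary writing into its own directory.
    {"type": "file_create", "pid": 3000, "image": READER_DIR + r"\AcroRd32.exe",
     "target": READER_DIR + r"\cache.bin"},
    {"type": "file_read", "pid": 868, "image": SAMPLE,
     "target": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "pid": 868, "image": SAMPLE,
     "target": r"C:\Users\Admin\Documents\notes.txt"},
]


def detect(events):
    """Return (rule, pid, detail) tuples for every event that matches a rule."""
    alerts = []
    for ev in events:
        image = ev["image"]
        if ev["type"] == "process_create":
            # "Executes dropped EXE": a .tmp file is not a normal executable name.
            if image.lower().endswith(".tmp"):
                alerts.append(("executes_dropped_tmp", ev["pid"], image))
            # Anything spawned by a Temp-resident parent inherits suspicion; Reader_sl.exe
            # is a legitimate Adobe Reader component, but its parent here is not.
            if USER_TEMP.match(ev["parent_image"]):
                alerts.append(("temp_resident_parent", ev["pid"], ev["parent_image"]))
        elif ev["type"] == "file_create":
            # "Drops file in System32 / Program Files / Windows" by a Temp process.
            if USER_TEMP.match(image) and PROTECTED_DIRS.match(ev["target"]):
                alerts.append(("temp_process_writes_protected_dir", ev["pid"], ev["target"]))
        elif ev["type"] == "file_read":
            # "Reads user/profile data of web browsers".
            if BROWSER_STORES.search(ev["target"]):
                alerts.append(("reads_browser_credential_store", ev["pid"], ev["target"]))
    return alerts


def process_chain(events, pid):
    """Walk parent links back to the root seen in telemetry, e.g. '290.tmp <- x.exe'."""
    by_pid = {ev["pid"]: ev for ev in events if ev["type"] == "process_create"}
    names, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        names.append(by_pid[pid]["image"].rsplit("\\", 1)[-1])
        pid = by_pid[pid]["ppid"]
    return " <- ".join(names)


def count_by_rule(alerts):
    """Summarise alerts the way the report's signature list does: rule -> hit count."""
    return dict(Counter(rule for rule, _, _ in alerts))


if __name__ == "__main__":
    found = detect(EVENTS)
    for rule, pid, detail in found:
        print(f"{rule:36} pid={pid:<5} {process_chain(EVENTS, pid)}  [{detail}]")
    print(count_by_rule(found))
```

The two benign control events produce no alerts, which is the point of including them: `temp_resident_parent` is the noisiest of the four rules in real telemetry because legitimate installers also run from %TEMP%, so in production it needs an allowlist keyed on signer or hash rather than path alone, while the `.tmp`-as-executable and Temp-process-writes-to-System32 rules are far more specific.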

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AdobeARM.log
    Filesize: 848B
    MD5: 9a987642638588c197afd6d1b4af6808
    SHA1: 5a4e10d512954137a11e88051ee583a7ca20b6a2
    SHA256: 41d15c94a3e50c231cbe18922aad82b0dbdfa21c291bfe7d1b5f6987c3ffb4d0
    SHA512: 076068d1b740fc59effa572377b2fdce62a4a3efd81efbdcb0e11a85f9d726adc6f4da90d3497a7f4f8e87aca62c937426719b14abf41c2e75a21d085d234050

  • C:\Users\Admin\AppData\Local\Temp\ArmUI.ini
    Filesize: 251KB
    MD5: 864c22fb9a1c0670edf01c6ed3e4fbe4
    SHA1: bf636f8baed998a1eb4531af9e833e6d3d8df129
    SHA256: b4d4dcd9594d372d7c0c975d80ef5802c88502895ed4b8a26ca62e225f2f18b0
    SHA512: ff23616ee67d51daa2640ae638f59a8d331930a29b98c2d1bd3b236d2f651f243f9bae38d58515714886cfbb13b9be721d490aad4f2d10cbba74d7701ab34e09

  • \Users\Admin\AppData\Local\Temp\290.tmp
    Filesize: 145KB
    MD5: c610e7ccd6859872c585b2a85d7dc992
    SHA1: 362b3d4b72e3add687c209c79b500b7c6a246d46
    SHA256: 14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041
    SHA512: 8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

  • memory/868-1-0x00000000002D0000-0x0000000000318000-memory.dmp
    Filesize: 288KB