Overview

overview

8

Static

static

3

2024-05-29...id.exe

windows7-x64

8

2024-05-29...id.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/05/2024, 12:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-29_0352b93c913fa5d1fab9c60bf18b941f_http-browser_icedid.exe

  • Size

    5.2MB

  • MD5

    0352b93c913fa5d1fab9c60bf18b941f

  • SHA1

    b39965db857dd4f18940bf3822cb1ba93c0bbd69

  • SHA256

    d5ccfa5c05356ee427badf9a3c5357bc1d73993a91026c4a2c3dcccc949a7df1

  • SHA512

    98e159cc0c74e7468ed16dff2c1aadd8f29b30e9b51b1a2a084c637c55af1d3d75da17b4e9e6b56c526b810edd18c95f574111afc200880fb5af9a7e36602bbe

  • SSDEEP

    98304:wKP4+lG4O+8F7FE2LOl7ERRBqLbcUF6dfPNwlR4X2Ebhx4f3ZSbEr:RWZO2L/4vdF6NKl62EbhyfHr

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 19 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-29_0352b93c913fa5d1fab9c60bf18b941f_http-browser_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-29_0352b93c913fa5d1fab9c60bf18b941f_http-browser_icedid.exe"
    1⤵
    • Drops file in Drivers directory
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://pan.baidu.com/share/home?uk=1076800277#category/type=0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2456
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2456 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2624

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b89e65d42ddf8e84f0de0b89059ea8b7

          SHA1

          51d17e6f506d2c3ee10e63891ce59189c2572634

          SHA256

          c4e66272c0eb8af2a065aff87996fad3ac9cd983c0a3491c530c4cbc31987cd3

          SHA512

          dbff4a6de7a4adf99ec9029345a9cc6c58b528a09af36708176504cd9d00b7dba993628eb63e2373ef8a962b8aea1c1f51f86eb8f6eee8511dd3a3c5b300a4b7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          cd2c0a2dd418132a81d20fc865f2f281

          SHA1

          91e5f3bc33f9e25824041e37d2ab4984c452683a

          SHA256

          ee4943deeb17b560b1a6ba6622a68673f51b030eefa4125f79daf1229b57070a

          SHA512

          517e8c0a78b18cf92db867a3c1e724fc49f91391ac332adc1e8181fdcb48b3fe4317dc4e8c237a7f6ee35215f0de257f1b1a4fc569f8668adff3ae7904e12827

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5037c9f2b7736e470e38ffa6375527ce

          SHA1

          0e0142e9131b3098205a118c579dea28b8628b83

          SHA256

          da17b884b31803fb75338a0ae00ff9cb3bfecbcc20bf49913c21aa83da608bc9

          SHA512

          3e3b984594da5f667eacc27de60e6cd0795c04701eacd8647817483dac47206617fbf501a6820915fc8cb914656e4b808cbcc0212a6058bf79a80c45c61e2bab

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          58785318d6b9afc18b7d8846a731e5d9

          SHA1

          ca84a57f7fd210fd1d95b28e412bf722d76a588e

          SHA256

          1dce2b75bd49c8acc583e74ea7c54031491abcb5462f5eacf014099a40ceb7fb

          SHA512

          0a2d95acd28b2e650c59ae4a5fcbbaad8827bac3124fe7e1795c4dcb58921f3adca9828d47eb716a29840aed30372d8e16f07efcc53cbab24b816f42f78237b6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          797f5df4a34177aff7c7d29dd8d4f1a1

          SHA1

          fcc831183a2490c6f5508171171ce92a0ec11505

          SHA256

          e4a97a7ebea014b93d83818222e88ea501785080843e0b50f83d3025093b1ec7

          SHA512

          8aa76b1c5c785d7e2bb91767b8c740487678206e1c4cc7ca20d529f1109ce2ddf382c838091d60582532ccb76cdbb89a6a060314dc49635f1e7d2c2532c9783b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2850d974cea3666728c835348c8a042f

          SHA1

          fd67f7c19f2dd45d5373c1925a24fa1e5b02b402

          SHA256

          3650e7fc1c031eed297f2cca962e19fcd7f785049072af0be94c1593fdca4e6e

          SHA512

          a4da180df7ae2824ca04411add7886b294bd53fafdbb6fe85749274d79509b1157aa1478b61ff31e793e8099488cd5c5826a0c5626e47294f36e655bdc0710ef

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          84e3fb41854232e074a22d81df0ba879

          SHA1

          77f524a312c8db64be0f302dd8632f6991d532fb

          SHA256

          18b88acc1e6d962d6f9d6203ddfeff172e3f50d547beb11fee6a1a6f7263d3e4

          SHA512

          f82d2f919a681260a12bd9f9c9b45d32950a5690b6786e9e009deea09b2a630d609605d73d88e3dcb3b0cc3df34b1a0de6577113ccc9e9ba36cc532694aa54ab

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e81e089dea1bf1838d2cd6e10a2d57e7

          SHA1

          5d0c1b4806fe88beec8c0db59e28bc78fafbf397

          SHA256

          0f36a6d769b0c19b564a17f2f84f7660d571326994f5299494eb58ec9fa72264

          SHA512

          6d4e33b0a37b451506c16f7156c15f32ca3ca6db4f793166e958b7304914380eb7886ca646d917b959d86c0d242e7a7b7767a7ebebd5ca38abea556a1236a4bd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5ae2ae36abc4231402bc355f7972da5d

          SHA1

          57a38779dce6d5314a3422d5dfe57741507c57a7

          SHA256

          5fef7394cba4e914309631e287c73ca684bd53d97646a5b8305f65134133cd96

          SHA512

          70d2d46e48000cf222d647b30b291893336234f531b985170c779cce6febc806ddef07b4192badfd4cb79112a1a6480e15596772612e3d0580aec6b4f8fe57b4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          14492fe2dca072ca3dc36e552f017a00

          SHA1

          3a088fdd8b14c2da746d039c19bcc92d89264c0c

          SHA256

          b40a26655617137a2836ce03c7627ce452bfd01906f546d93e87254c011d6e8f

          SHA512

          2b68229d1066f031d8a148977fa3162441ac607794d44ac791faedcf27fedce0ab341638c9ad227c8997dd0188cd5dcbde9b169653632f1b863422d35ffa55ad

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6e93e3449df634b25ed99df36ba7c98d

          SHA1

          a87716704b9d61a805f21c4edecdf7ea2f2eb737

          SHA256

          bc5e28dd85add4e117d4219cdb56b4cc70892f416b5c580c4caf4e70e847838a

          SHA512

          018fd9450da070271954293b84a177b1b9178d7b7264803e829fd59fa9d25af6a8cb3e183c251ebf161a45f99091844a4eba12b622e600a377cbe17675702aba

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bf3f9534568b8c79b4e8cace25f91107

          SHA1

          be1fb3628bbc663e99c3b6601c0b712c59301684

          SHA256

          cdcfcdbc3fcad676db60de243e04c2bc820a6fd12870a0ebd2760b36339ac3f6

          SHA512

          85e0f7fbe476087dce70af8b6b991cc82a0c156c6d5700ec2cacab757cfc8b0ad981845053e8a93e4a115e39800eeb7d57ffcdc75b489e6828a2e29b366aaa47

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b95d9db0ca69779160f1325c3cca6780

          SHA1

          9fecaec526cdd078176d26073117e72db9a86c20

          SHA256

          c68f43d1fbc6be13347ab8b5fb89a87e066224969a60c47d691cf90fd5ce2c93

          SHA512

          91d8cfaa8c2be464cd7fefbbce2fd1bf844ff8dcdafb70402668a63688aa2b27d3a15d83be37e642f20791ae3f221b17cfea4ce7946c93f159d6c2b68b7b907e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          87f07128d2e51e32d5a696e2e6798bae

          SHA1

          d66c01f6da7eb39887020a2b69e83ff33c80b2a2

          SHA256

          5f1aceadc982c6b317ad50bc426330a31715b5a3ff465032cbfbae8b63b9ac5c

          SHA512

          de9f33b7d2842c1fe8fb52d70ff26a1f810a2dd7ce53c295bfcbc79d1bebba555ac5e231af0a4a6ab66b6e1379d72a20db44c1d24a00d169b81243684f841b8b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          75c750bd2e80969f75a2e5ffe3612879

          SHA1

          05e429bdff1a938a849942375b86eb3c43b32249

          SHA256

          bfa057b68fb73309ec9013919f4373f28f83155cb9cbc83df38cd6d9639ce643

          SHA512

          67e80c268bccac44a3dc50853c1cc002e79b9c9bcd81e6a13d2f94744459231d1d58ba239b7893fbdbc177d17302c8970a729512767121692aeb725665df96c4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fd261affc3b99ebb54e86bcef69dfe16

          SHA1

          5c9a56ad9df2c8974794bd79c9f9584c6f735ca2

          SHA256

          b8957f87bf7cfe76861ddee21d180c928f2b580da3b1340da059a24198b4f6b1

          SHA512

          a106288d5133f855eb753db9d6145c7c4a25cd117d8bea3222023594ac84e056feecd0d446a6bf3085d1d1950e85ea1ee5b6d661e95c89cb656fafe9484f3653

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5ed634ea4f6c8b3b8004efc0d069ae66

          SHA1

          1ae0513ca0f21c0a5dc0642784de3fb7dafae9ae

          SHA256

          3d5ba387837d1317568717fe291f7a02946620cb746ac114d8ea47a229042e61

          SHA512

          3958f0204135410e31402e26dab53faef63a86038e7366c57f498c95a6fa1be75f1a265b7da169d5860823395e7525714251d6728e9dc1d5b33c40bf946d7b6a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fe180081b7db85c3fbeb28e3ed6d0842

          SHA1

          d172d719e4f98f91c8df8b42ec8410e0d9fbc712

          SHA256

          b38b0dee524b014ab2537e4f0b3fc3908accbd960a8f612b7900576f0bafe42a

          SHA512

          0bcdfe0763cecf1cded34e46a0f021b46d4568ae4a5b924d6475407f98fa566b4a840062172dbdfdce999016b7f211aff2e2865e4992cb8fa8af4c0548fd0d8e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          626ad93e2adb4585fcc2373c1e1a66b8

          SHA1

          54f7978d221efd2a90fb58cdac22a0bfbe78f7ee

          SHA256

          51a042d8caef3c6bd3467d22f205bcc101c881aa84f9ed1ef276aca6ed1aea7d

          SHA512

          9cecc03ff821142da32010f7199993dd2b8dc360a8f17cd297556a4997875e0053acb842d0ef7af38c0287ea5fa2ae0ae09df62897da35774e232a7c816b0a5a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab7D0D.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar7E8D.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit