16989e6faa9b9028b5e91ab258ea45fb639cde543e052a48c276e863c3dd74b8

General

Target

2024-06-04_98f83c097047a9e302b627172af938e1_icedid.exe
Size

2.8MB
MD5

98f83c097047a9e302b627172af938e1
SHA1

98f420bb4963351ba936d8c897bd50d42ad5ab22
SHA256

16989e6faa9b9028b5e91ab258ea45fb639cde543e052a48c276e863c3dd74b8
SHA512

5e38177405409d1e1b262819caa5ee4fab4e181223c5a613ef6d9b3bbaa5894f22c038ea321b44f70ad82ca1fe644c5c8f0a46e20b096e6343b641ac51d86721
SSDEEP

49152:a+viGaanWy2WlsCJyo3LrFPO/NsbQtJGhAyGWv4uAfHxf:HinanWy2W2q7rhmgG0oHxf

Score

9^/10

aspackv2 upx

Malware Config

Signatures

Detects executables packed with ASPack 8 IoCs

resource	yara_rule
behavioral1/files/0x000d00000001232c-51.dat	INDICATOR_EXE_Packed_ASPack
behavioral1/memory/1924-54-0x0000000074310000-0x00000000744EF000-memory.dmp	INDICATOR_EXE_Packed_ASPack
behavioral1/memory/1924-56-0x0000000074310000-0x00000000744EF000-memory.dmp	INDICATOR_EXE_Packed_ASPack
behavioral1/memory/1924-55-0x0000000074310000-0x00000000744EF000-memory.dmp	INDICATOR_EXE_Packed_ASPack
behavioral1/memory/1924-57-0x0000000074310000-0x00000000744EF000-memory.dmp	INDICATOR_EXE_Packed_ASPack
behavioral1/memory/1924-58-0x0000000074310000-0x00000000744EF000-memory.dmp	INDICATOR_EXE_Packed_ASPack
behavioral1/memory/1924-65-0x0000000074310000-0x00000000744EF000-memory.dmp	INDICATOR_EXE_Packed_ASPack
behavioral1/memory/1924-67-0x0000000074310000-0x00000000744EF000-memory.dmp	INDICATOR_EXE_Packed_ASPack

UPX dump on OEP (original entry point) 25 IoCs

resource	yara_rule
behavioral1/memory/1924-1-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-0-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-3-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-7-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-2-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-5-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-26-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-38-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-11-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-31-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-49-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-48-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-45-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-43-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-40-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-35-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-33-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-28-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-24-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-20-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-21-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-17-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-13-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-9-0x0000000010000000-0x000000001003F000-memory.dmp	UPX
behavioral1/memory/1924-59-0x0000000010000000-0x000000001003F000-memory.dmp	UPX

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x000d00000001232c-51.dat	aspack_v212_v242

Loads dropped DLL 1 IoCs

pid	Process
1924	2024-06-04_98f83c097047a9e302b627172af938e1_icedid.exe

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1924-1-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-0-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-3-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-7-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-2-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-5-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-26-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-38-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-11-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-31-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-49-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-48-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-45-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-43-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-40-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-35-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-33-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-28-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-24-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-20-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-21-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-17-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-13-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-9-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1924-59-0x0000000010000000-0x000000001003F000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1924	2024-06-04_98f83c097047a9e302b627172af938e1_icedid.exe
1924	2024-06-04_98f83c097047a9e302b627172af938e1_icedid.exe
1924	2024-06-04_98f83c097047a9e302b627172af938e1_icedid.exe

C:\Users\Admin\AppData\Local\Temp\2024-06-04_98f83c097047a9e302b627172af938e1_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-04_98f83c097047a9e302b627172af938e1_icedid.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\PEAS.dll

Filesize
917KB

MD5
f6cfcfc04668dd30cacbb030d8ab4511

SHA1
5656f56c14deb1e96aca851da42634a2fdf847e9

SHA256
9c15d64e0fe69ab4bab37c48975ca71f43d9761c1437037fbf2109681d49590d

SHA512
58d474b429421b450f03052391326dae5dad1e16f56a3be3f1ce103f56a29702f71932169d8c23f6a99f94edc8e14d4570533225112cfbf8affd03302689a164

Download Submit
memory/1924-33-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-59-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-7-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-2-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-5-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-26-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-28-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-11-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-31-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-49-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-48-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-45-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-43-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-40-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-67-0x0000000074310000-0x00000000744EF000-memory.dmp

Filesize
1.9MB

Download
memory/1924-3-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-38-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-24-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-0-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-54-0x0000000074310000-0x00000000744EF000-memory.dmp

Filesize
1.9MB

Download
memory/1924-20-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-21-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-17-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-13-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-9-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-56-0x0000000074310000-0x00000000744EF000-memory.dmp

Filesize
1.9MB

Download
memory/1924-55-0x0000000074310000-0x00000000744EF000-memory.dmp

Filesize
1.9MB

Download
memory/1924-57-0x0000000074310000-0x00000000744EF000-memory.dmp

Filesize
1.9MB

Download
memory/1924-58-0x0000000074310000-0x00000000744EF000-memory.dmp

Filesize
1.9MB

Download
memory/1924-1-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1924-65-0x0000000074310000-0x00000000744EF000-memory.dmp

Filesize
1.9MB

Download
memory/1924-35-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download

Analysis

Sharing