Analysis Overview
SHA256
55e31b5024be7792d36b03671f731144356aa7dc83746fb1062c0e9eb341a33d
Threat Level: Known bad
The file 2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
ACProtect 1.3x - 1.4x DLL software
Loads dropped DLL
UPX packed file
Writes to the Master Boot Record (MBR)
Drops file in Program Files directory
Unsigned PE
Suspicious use of SetWindowsHookEx
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 12:14
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 12:14
Reported
2024-06-04 12:17
Platform
win7-20240221-en
Max time kernel
150s
Max time network
122s
Command Line
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\JiaRong\JiaRsoft.jrs | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
| File created | C:\Program Files\JiaRong\JiaRjishu.jrs | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
Modifies registry class
Suspicious use of SetWindowsHookEx
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe"
Network
Files
\Program Files\JiaRong\JiaRjishu.jrs
| MD5 | 259c1da17b442ac2f27ea1ff4625e7d3 |
| SHA1 | 54437d7ce0fc459ed603dc8709254c6971cd34e0 |
| SHA256 | 6272c686ea0209fe829ddaad0b9af8fbc253d521dbd7e84a1216c217a2f93c9a |
| SHA512 | 75281e8dcb997c28a5c864822fe0f984a4bb7ee7c1ca48400250184b7fdaddc4d23bdc601fc7fc42e214b7721931231635380398918631d0adf454a97f8e8796 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 12:14
Reported
2024-06-04 12:17
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\JiaRong\JiaRsoft.jrs | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
| File created | C:\Program Files\JiaRong\JiaRjishu.jrs | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
Modifies registry class
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4FA44042-1421-46DE-9ACA-A44753FF06C6}\ = "IGridppReport" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60EB191F-5E63-41E7-808F-C66EC7A8EF26}\ = "IGRE2XLSOption" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5DABF9AD-2396-4C11-BFD7-A5EE39772954} | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\gregn.GRDisplayViewer.6\ = "Grid++Report DisplayViewer 6.0" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\gregn.GRPrintViewerProps.6\CLSID\ = "{6CA58CB2-2AD1-4ad0-B3CC-5F5C000BBDEE}" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{330F80F5-4568-4F70-BFCB-683D3B90FEBB}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{77FD1006-7067-41FF-A712-0F356A6ACE8C}\ = "IGRSection" | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A9E920A1-C722-4A81-9FCF-4D5EBFFA21F4}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe | N/A |
Suspicious use of SetWindowsHookEx
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-04_fdd64c321de6b7c2753e4c97325a8609_hacktools_icedid.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 23.62.61.57:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | N/A | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.179.89.13.in-addr.arpa | udp |
Files
C:\Program Files\JiaRong\JiaRjishu.jrs
| MD5 | 259c1da17b442ac2f27ea1ff4625e7d3 |
| SHA1 | 54437d7ce0fc459ed603dc8709254c6971cd34e0 |
| SHA256 | 6272c686ea0209fe829ddaad0b9af8fbc253d521dbd7e84a1216c217a2f93c9a |
| SHA512 | 75281e8dcb997c28a5c864822fe0f984a4bb7ee7c1ca48400250184b7fdaddc4d23bdc601fc7fc42e214b7721931231635380398918631d0adf454a97f8e8796 |
memory/3144-6-0x0000000010000000-0x0000000010917000-memory.dmp
memory/3144-12-0x0000000010000000-0x0000000010917000-memory.dmp
memory/3144-13-0x0000000010000000-0x0000000010917000-memory.dmp